On 22. 11. 19 10:30, Stian Thorgersen wrote:
On Thu, 21 Nov 2019 at 12:07, Marek Posolda <mposolda(a)redhat.com> wrote:
I want to ask for some feedback about the screen for the "Setup TOTP". I've created JIRA https://issues.jboss.org/browse/KEYCLOAK-12168, which contains some screenshots of how the screen for the required action for "Setup OTP" currently looks. In other words, this is displayed to the user at the end of the authentication when he has the "Setup TOTP" required action on him.
A few questions:
* Is "Device name" an appropriate label? Would something like "Authenticator App Label" be better?
I'm not too keen on either. Maybe "Phone name"?
That could be fine, but aren't there also different possibilities for generating OTP codes than sticking to "phone"? "Device name" is at least slightly more generic, but I am not sure if it is a great label either...
* Should it be more emphasized that "Authenticator App Label" is not mandatory? IMO it is currently not very clear. Also there is nothing in the help-text about this input field. Maybe we can add another sentence to point 3 like "Optionally provide Authenticator App Label as a reference." I am not very happy with that sentence. Any better ideas?
What about only asking for a label if there is already one registered?
Most users will only use one and it seems unnecessary to ask them to
add a label.
Yes, but let's assume this scenario:
- User registers first OTP. Keycloak doesn't allow him to add a label
- The user wants to register the second OTP. So he registers the second and adds a label like "My samsung phone"
- Now he wants to authenticate. So Keycloak will allow him to choose between "My samsung phone" and <nothing> because the first OTP didn't have any label and didn't allow user to choose any label when he was registering it.
To improve slightly on this, we have a JIRA for generating some kind of "default" labels, which will be used in case no label is provided, and also for migration from the previous version where there wasn't the possibility to add labels: https://issues.jboss.org/browse/KEYCLOAK-11907 . So there will be some default labels like "Phone 1" or "Device 1", which will at least allow the user to differentiate.
* Alternatively we can use a separate screen for providing the "Authenticator App Label". In other words, there will be just a single input for the OTP code and then once the user clicks "Submit" and the OTP code is successfully verified, there will be another screen where he can provide the "Authenticator App Label". It seems Google is using a separate screen for providing labels when a user registers a Security Key.
I prefer single screen, but see above.
* Any better ideas?
* We can possibly improve the old account console in similar manner.
Currently it looks like in screenshot setup-otp-account-mgmt.png.
Maybe we can at least change the label for "Device name" and also
add another sentence to the help text?
Old account console can just stay as is. We should focus improvements
on new console.
Ok
Marek
Thanks,
Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev