On 01/13/2015 11:11 AM, Bill Burke wrote:
Why does a user have to enter in the OTP generated by their mobile
device? Wouldn't it be cooler if the steps were:
1. Enter in username and password in the browser
2. Browser blocks and waits for...
3. Press a button on your OTP iPhone app
4. iPhone app sends an HTTP message to Keycloak with username and
generated OTP (in background)
5. Keycloak sees if a browser app is waiting for OTP verification, then
verifies OTP if so.
6. Browser unblocks and lets user in.
Now, the user doesn't ever have to enter the OTP (and mess it up like I
do all the time). They just need their mobile device.
Even better, in Android this can be done from an interactive
notification. You won't even need to open the app.
--
Summers Pittman
>Phone:404 941 4698
>Java is my crack.
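
The server side of steps 1-6 above, as an added example that is not part of the original thread and is not Keycloak code: a pushed OTP is checked only while a browser login for that user is waiting, the wait expires, and an accepted code cannot be replayed. The class name, method names, the 60-second wait and the sample secret are assumptions; the OTP is standard RFC 6238 TOTP.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class PendingOtpLogins:
    """Hypothetical registry of browser logins blocked while waiting for an OTP."""

    def __init__(self, secrets: dict, ttl: int = 60):
        self.secrets = secrets  # username -> shared TOTP secret
        self.ttl = ttl          # seconds the browser may stay blocked (step 2)
        self.waiting = {}       # username -> deadline of the blocked login
        self.used = {}          # username -> last accepted time-step counter

    def password_ok(self, user: str, now: float) -> None:
        """Steps 1-2: password was verified, the browser starts waiting."""
        self.waiting[user] = now + self.ttl

    def device_push(self, user: str, otp: str, now: float) -> bool:
        """Steps 4-5: verify the pushed OTP only if a browser is waiting.
        True means the browser may be unblocked (step 6)."""
        deadline = self.waiting.get(user)
        secret = self.secrets.get(user)
        if deadline is None or secret is None or now > deadline:
            self.waiting.pop(user, None)  # unsolicited or late push is ignored
            return False
        current = int(now) // 30
        for counter in (current, current - 1):  # tolerate one step of clock skew
            if counter <= self.used.get(user, -1):
                continue  # this time step was already accepted: replay
            if hmac.compare_digest(totp(secret, counter * 30), otp):
                self.used[user] = counter
                del self.waiting[user]  # one push unblocks one login
                return True
        return False
```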