Hi.
For one project, I extended Keycloak to implement login with mobile
number or email.
I have implemented login and registration by mobile number.
I used activation by code because a link is too long for SMS. But I could
use a link reducer (internal or external).
I developed a new SPI to send SMS (inspired by EmailSenderProvider).
It makes it possible to implement a specific solution with our SMS provider.
Currently, I saved the mobile number in an attribute, but it's more elegant
to use the mobile number the same way as email (for example, to activate or not
authentication by mobile).
If there is a subject, I am interested in contributing.
Best Regards.
Lilian BENOIT.
On 2018-10-19 08:26, Stian Thorgersen wrote:
I'd rather you consider contributing a fully functional feature in
Keycloak itself, rather than extracting most of it into a separate service
and only contributing a part of the feature to the rest of the community.
On Fri, 19 Oct 2018 at 08:21, <marco.scheuermann(a)daimler.com> wrote:
> Thank you Stian,
>
>
>
> I understand your point. I will create a longer description of our
> requirement and why it has a benefit for the community.
>
> Is that ok for you?
>
>
>
> Thank you,
>
> Marco
>
>
>
> *From: *Stian Thorgersen <sthorger(a)redhat.com>
> *Reply-To: *"stian(a)redhat.com" <stian(a)redhat.com>
> *Date: *Friday, 19 October 2018 at 08:14
> *To: *"Scheuermann, Marco (059)" <marco.scheuermann(a)daimler.com>
> *Cc: *keycloak-dev <keycloak-dev(a)lists.jboss.org>,
> "fabian.loewner(a)freiheit.com" <fabian.loewner(a)freiheit.com>,
> "Scollo, Carmelo (059)" <carmelo.scollo(a)daimler.com>,
> "Herrmann, David Christian (059)" <david_christian.herrmann(a)daimler.com>,
> "Schmitt, Lukas (059)" <lukas.schmitt(a)daimler.com>
> *Subject: *Re: [keycloak-dev] User Profile Extension
>
>
>
> I understand that you don't need it, but that's past the point. When
> adding new features and capabilities in Keycloak we need to consider the
> bigger picture and add things in a way that has wider use. We do not add
> solutions for one person.
>
>
>
> On Thu, 18 Oct 2018 at 11:51, <marco.scheuermann(a)daimler.com> wrote:
>
> Hi Stian,
>
>
>
> thank you for your answer.
>
> We already implemented login with phone number. For that we created a
> microservice that communicates with Keycloak. The service does a ROPC
> with Keycloak, so from Keycloak's perspective we DO NOT NEED support for
> login with phone number.
>
> Our only requirement was to extend the existing user profile by phone
> number, NOT to allow login via phone number.
>
>
>
> Greetings,
>
> Marco
>
>
>
> *From: *Stian Thorgersen <sthorger(a)redhat.com>
> *Reply-To: *"stian(a)redhat.com" <stian(a)redhat.com>
> *Date: *Thursday, 18 October 2018 at 11:33
> *To: *"Scheuermann, Marco (059)" <marco.scheuermann(a)daimler.com>
> *Cc: *keycloak-dev <keycloak-dev(a)lists.jboss.org>,
> "fabian.loewner(a)freiheit.com" <fabian.loewner(a)freiheit.com>,
> "Scollo, Carmelo (059)" <carmelo.scollo(a)daimler.com>,
> "Herrmann, David Christian (059)" <david_christian.herrmann(a)daimler.com>,
> "Schmitt, Lukas (059)" <lukas.schmitt(a)daimler.com>
> *Subject: *Re: [keycloak-dev] User Profile Extension
>
>
>
> Adding support for login with phone number isn't as trivial as simply
> adding another user attribute. The user storage SPI also has implications
> here since it's a supported API we can't break backwards compatibility.
>
>
>
> To do this right we should discuss the correct approach. This would
> involve some configuration option for a realm to allow specifying what
> attributes can be used to authenticate the user. Some strategy for when
> there is more than one user with the same phone number. That could be
> unique, allowing user to select from users with the phone number, or
> simply returning an error stating username has to be used.
>
>
>
> Then there's indexing to consider. For the phone number to be useful for a
> login it has to be indexed in the db. Caches should be able to look up user
> based on phone number.
>
>
>
> Finally, and this is something we have problems with for email today. For
> email we had a limitation that email had to be unique. One email per user
> basically. This doesn't really work all that well and we had a rather hacky
> approach to allowing multiple users with the same email address. To extend
> to phone numbers we would need to address this properly and not introduce
> additional problems.
>
>
>
> On Thu, 18 Oct 2018 at 00:01, <marco.scheuermann(a)daimler.com> wrote:
>
> Hi Keycloak developers,
>
> My name is Marco and I am currently working on a Keycloak-based
> user management solution for our company and have the following
> requirement:
> We implemented a native One Time Password (OTP) login for our app. That
> means a user can log in using email or mobile number.
> After that he gets a PIN via SMS/email which he can enter into the app to
> trigger the authentication flow.
> During login we check if the user already exists. If not we guide him to a
> registration page. This check is implemented by using Keycloak's admin REST
> API.
> We search for a user by email. It must also be possible to search by phone
> number because this attribute could also be used for login as already
> mentioned.
> We added a custom attribute “mobile” to the user but the REST API does not
> allow searching for custom attributes.
>
> Our Requirement:
> The user should be able to use email OR phone number for login. For that
> it should be possible to enter both attributes while registering a new
> user.
> Currently Keycloak only offers a custom field for email, but no phone
> number.
> Therefore we want to extend the User Profile by phone number. Would you
> accept such a Pull Request?
>
> Thank you,
> Marco
>
> If you are not the addressee, please inform us immediately that you have
> received this e-mail by mistake, and delete it. We thank you for your
> support.
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
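
The design points raised in the quoted 18 October reply (a realm option naming which attributes may authenticate a user, a policy for several users sharing one phone number, and an indexed lookup) are modelled below in plain Java as an added example. It is not Keycloak code and not part of any message in this thread; the class, enum and attribute names are hypothetical and the sample users are constructed.

```java
import java.util.*;

// Added illustration: a plain-Java model, not Keycloak code or its SPI.
// All names here (class, enum, "mobile" attribute) are hypothetical.
public class LoginIdentifierResolver {
    enum DuplicatePolicy { UNIQUE, SELECT, REQUIRE_USERNAME }
    record Result(List<String> candidates, String error) {}

    private final List<String> loginAttributes; // hypothetical realm option
    private final DuplicatePolicy policy;
    // attribute -> value -> usernames; stands in for the DB index and cache lookup
    private final Map<String, Map<String, List<String>>> index = new HashMap<>();

    LoginIdentifierResolver(List<String> loginAttributes, DuplicatePolicy policy) {
        this.loginAttributes = loginAttributes;
        this.policy = policy;
    }

    private List<String> owners(String attr, String value) {
        return index.getOrDefault(attr, Map.of()).getOrDefault(value, List.of());
    }

    void register(String username, Map<String, String> attrs) {
        for (String a : loginAttributes)   // UNIQUE is enforced at write time
            if (policy == DuplicatePolicy.UNIQUE && attrs.containsKey(a)
                    && !owners(a, attrs.get(a)).isEmpty())
                throw new IllegalStateException(a + " already in use");
        for (String a : loginAttributes)   // only login-capable attributes are indexed
            if (attrs.containsKey(a))
                index.computeIfAbsent(a, k -> new HashMap<>())
                     .computeIfAbsent(attrs.get(a), k -> new ArrayList<>()).add(username);
    }

    Result resolve(String identifier) {
        Set<String> hits = new LinkedHashSet<>();
        for (String a : loginAttributes) hits.addAll(owners(a, identifier));
        if (hits.size() <= 1 || policy == DuplicatePolicy.SELECT)
            return new Result(List.copyOf(hits), hits.isEmpty() ? "unknown user" : null);
        return new Result(List.of(), "identifier is ambiguous; log in with username");
    }

    public static void main(String[] args) {
        // Constructed sample users: two accounts share one phone number.
        var r = new LoginIdentifierResolver(List.of("email", "mobile"),
                                            DuplicatePolicy.REQUIRE_USERNAME);
        r.register("alice", Map.of("email", "alice@example.org", "mobile", "+491700000001"));
        r.register("bob", Map.of("email", "bob@example.org", "mobile", "+491700000001"));
        System.out.println(r.resolve("alice@example.org")); // single match
        System.out.println(r.resolve("+491700000001"));     // shared number
    }
}
```

Switching the policy to `SELECT` returns both candidates for the shared number, and `UNIQUE` rejects the second registration instead.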