Re: [keycloak-dev] OTP API
Hello Rohith,
not that I know of - we'd also like to have this functionality.
What would be the best place to add that? Perhaps this could be added to
the UsersResource with a new
endpoint like "/users/{userId}/otp-validation" or a (new) dedicated
resource.
A client could then do a POST to that endpoint with the current user's
access token and the entered OTP code.
Keycloak could then lookup and check the provided otp code.
If the code is corret, response could indicate that via status HTTP 200 or
HTTP 400 otherwise.
Cheers,
Thomas
2016-11-10 12:11 GMT+01:00 gambol <gambol99(a)gmail.com>:
Hiya
Does the latest version of Keycloak provide any means of verifying a user's
TOTP?. Our use-case at the moment, we have an application which once the
user is authenticated we issue a token of sorts ... however, we wish to
provide a popup that requests a user's TOPT every few hours which we
"could" verify via service account ... I can't see any access at the
moment
via the rest api
Rohith
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev