Adding support for login with phone number isn't as trivial as simply
adding another user attribute. The user storage SPI also has implications
here: since it's a supported API, we can't break backwards compatibility.
To do this right we should discuss the correct approach. This would involve
some configuration option for a realm to allow specifying what attributes
can be used to authenticate the user. Some strategy for when there is more
than one user with the same phone number. That could be unique, allowing
the user to select from users with the phone number, or simply returning an
error stating username has to be used.
Then there's indexing to consider. For the phone number to be useful for a
login it has to be indexed in the DB. Caches should be able to look up a user
based on phone number.
Finally, and this is something we have problems with for email today. For
email we had a limitation that email had to be unique. One email per user
basically. This doesn't really work all that well and we had a rather hacky
approach to allowing multiple users with the same email address. To extend
to phone numbers we would need to address this properly and not introduce
additional problems.
On Thu, 18 Oct 2018 at 00:01, <marco.scheuermann(a)daimler.com> wrote:
Hi Keycloak developers,
My name is Marco and I am currently working on a Keycloak-based
user management solution for our company and have the following requirement:
We implemented a native One Time Password (OTP) login for our app. That
means a user can log in using email or mobile number.
After that he gets a PIN via SMS/email which he can enter into the app to
trigger the authentication flow.
During login we check if the user already exists. If not, we guide him to a
registration page. This check is implemented by using Keycloak's admin REST
API.
We search for a user by email. It must also be possible to search by phone
number because this attribute could also be used for login as already
mentioned.
We added a custom attribute “mobile” to the user, but the REST API does not
allow searching for custom attributes.
Our requirement:
The user should be able to use email OR phone number for login. For that
it should be possible to enter both attributes while registering a new user.
Currently Keycloak only offers a custom field for email, but no phone
number.
Therefore we want to extend the User Profile by phone number. Would you
accept such a Pull Request?
Thank you,
Marco
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
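
The three duplicate-handling options named in the reply (unique, let the user select, or return an error asking for the username), together with the per-realm list of login attributes and the lookup index, modelled as an added example that is not part of this thread or of Keycloak's code. The names `Realm`, `DuplicatePolicy`, `AmbiguousLogin` and the phone normalization rule are assumptions made for illustration; only the attribute name `mobile` comes from the thread.

```python
from collections import defaultdict
from enum import Enum


class DuplicatePolicy(Enum):
    UNIQUE = "unique"  # refuse a second user with the same attribute value
    SELECT = "select"  # return every candidate so the user can pick one
    REJECT = "reject"  # fail the login and require the username instead


class AmbiguousLogin(Exception):
    """Raised under REJECT when an identifier matches several users."""


def normalize(attr, value):
    # Constructed rule: phone numbers compare without separators,
    # everything else compares case-insensitively.
    if attr == "mobile":
        return "".join(c for c in value if c.isdigit() or c == "+")
    return value.strip().lower()


class Realm:
    def __init__(self, login_attributes, policy):
        # The username is always a login attribute; others are opt-in per realm.
        self.login_attributes = ["username"] + [a for a in login_attributes if a != "username"]
        self.policy = policy
        self.index = defaultdict(list)  # (attribute, normalized value) -> usernames

    def add_user(self, username, **attrs):
        pairs = [("username", username)] + [p for p in attrs.items() if p[0] in self.login_attributes]
        keys = [(a, normalize(a, v)) for a, v in pairs if normalize(a, v)]
        # Check every key before writing, so a rejected user leaves no index entries.
        for attr, value in keys:
            must_be_unique = attr == "username" or self.policy is DuplicatePolicy.UNIQUE
            if must_be_unique and self.index.get((attr, value)):
                raise ValueError(f"{attr} already in use")
        for key in keys:
            self.index[key].append(username)

    def resolve(self, identifier):
        """Return the usernames this login identifier could refer to."""
        found = []
        for attr in self.login_attributes:
            for user in self.index.get((attr, normalize(attr, identifier)), []):
                if user not in found:
                    found.append(user)
        if len(found) > 1 and self.policy is DuplicatePolicy.REJECT:
            raise AmbiguousLogin("identifier is not unique; log in with the username")
        return found
```

Under `SELECT`, the caller still has to authenticate against the chosen account; `resolve` only narrows the candidates.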