Awesome! Comments inline
On 7/11/17 8:29 AM, Stian Thorgersen wrote:
I gave it a go and implemented an "async" authentication
example. It's
rather simple what happens is:
* User authenticates with username only
* Then a "waiting" page is displayed, which is waiting for some external
callback. This could be an app or whatever that verifies the user then
sends the callback. In the example a CURL command is printed on sysout for
the server which you can run to "simulate" the callback from the app.
* Once the callback is received the user is authenticated without filling
in password or any other credentials in the main browser
https://github.com/stianst/authenticator-example
Check it out here:
https://youtu.be/C09BpNIf4v8
It's a bit hacky in the way it's implemented:
* Using notes for "callback" is a bit strange maybe?
Why?
* Had to use custom realm resource for callback endpoint. Is this
strange?
* Probably won't work for cross DC, but in 7.2 Hynek has stuff that does
that
So, in 7.2 it will work for cross-DC?
* No way to push change to browser, so have to pull every 2 seconds.
Maybe
we could add a simple authentication event feature that uses websockets and
a small auth js lib to do the job of notification?
You'd have to have a
cross-DC notification bus for something like this
as only one node in the cluster would have the websocket open. If you
had Javascript that did the polling, the user wouldn't even see it.
Bill
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev