Hi Stian,
thanks for your feedback. Nice to hear that you consider the User
Questioning API a fitting feature for Keycloak.
For now, we will implement this feature as a plugin to get a working proof
of concept. We would be happy to contribute any common code to Keycloak.
Intuitively, I would start implementing the endpoints as a REST Resource.
To allow for different methods of questioning (via a screen displayed by
Keycloak or via our API) we would have to extract a common interface, I
think.
Viele Grüße / Best regards
Felix Meißner
Hanko.io – Convenient and Secure Authentication
Hanko GmbH
Ringstr. 19 | 24114 Kiel | Germany
Email: felix.meissner(a)hanko.io
Phone: +49 431 908 929 25
Am Mi., 16. Jan. 2019 um 07:58 Uhr schrieb Stian Thorgersen <
sthorger(a)redhat.com>:
Looks quite interesting and useful. Haven't seen much request for
it
though.
Doesn't look like it would be to much effort to implement, nor to much
burden to maintain. Have you considered how this could be implemented in
Keycloak?
On Mon, 14 Jan 2019 at 12:49, Felix Meißner <felix.meissner(a)hanko.io>
wrote:
> Hi everyone,
>
> recently, I have been investigating how to integrate transaction approval
> in an OpenID Connect based environment.
>
> It seems to me, the OpenID Connect User Questioning API is the perfect
> match, but as far as I can see, Keycloak is currently not implementing
> this
> API, right? Also, I cannot fond any issue at JBoss regarding this feature.
>
> Are there any reasons to not implement the User Questioning API in
> Keycloak, or has there just not yet been a feature request / someone
> willing to implement this? Or are there any other ways to aquire the
> user's
> consent via Keycloak?
>
> At Hanko, we are developing a Keycloak plugin that allows to use FIDO2 as
> well as UAF and U2F devices as second or multi-factor authentication
> devices in Keycloak with help of our API. Now, we are looking for a way to
> integrate signed transactions based on FIDO in Keycloak.
>
> Thank you for your comments!
>
> Viele Grüße / Best regards
> Felix Meißner
>
> Hanko.io – Convenient and Secure Authentication
>
> Hanko GmbH
> Ringstr. 19 | 24114 Kiel | Germany
>
> Email: felix.meissner(a)hanko.io
> Phone: +49 431 908 929 25
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev