Do you have login working without OTP? That would be the first step and it sounds like you may not have that working based on you're looking at account management console. You should use direct grant api (what OIDC calls resource owner credential grant). Take a look at http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html.

Also, seriously reconsider how you're doing this implementation. For a better user experience I would strongly recommend using an external user agent. This is what is recommended by OAuth/OIDC specs as well as by us.

On 27 May 2016 at 01:39, Fabricio Milone <fabricio.milone@shinetech.com> wrote:

Hi all,

I am trying to find a way to setup a (optional) TOTP for an specific user using an endpoint, but I couldn't find anything like that in the documentation. Is that even possible? is it something that you will include at some point in your roadmap?

The scenario is a native mobile app using keycloak through endpoints (registration, login, logout, etc). I know that's not the way you recommend, but sadly I cannot change that.

TOTP is currently working if I set it up using the account management console and I'm trying to re use those calls, but they use cookies included in the requests and that model just doesn't fit on my requirements.

I'd really appreciate a little guidance if it is possible to create an SPI (I have some already) to do such task.

Thanks in advance,

Regards,

Fab

--

Fabricio Milone

Developer

Shine Consulting 

30/600 Bourke Street

Melbourne VIC 3000

T: 03 8488 9939

M: 04 3200 4006

www.shinetech.com  a passion for excellence

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user