Hello Nikola,
On Thu, 2018-12-20 at 16:57 +0100, Nikola Malenic wrote:
> I have an use case where I have to authorize an action in my
> application
> taken by the user. Here is how it should go:
>
> The user is logged in at KC and using my application. Now, my
> application
> would need to authorize one user action by sending the user to KC,
> where he
> would enter his OTP, and then, my application would get some kind
> of proof
> that user authorized the action (I don't know what should that be,
> yet).
Seems like what you want is "step-up authentication". It's been on
the list since 2014, but AFAIK still no progress to the moment:
https://issues.jboss.org/browse/KEYCLOAK-847
https://issues.jboss.org/browse/KEYCLOAK-4182
http://lists.jboss.org/pipermail/keycloak-dev/2017-April/009245.html
I'm also adding Thomas Darimont to CC: as probably no one knows this
topic better than he does.
> Do you have any idea how this could be achieved using KC? I guess
> action SPI
> would somehow be used.
If you're talking about Action Token SPI [1], I'm afraid this is not
much relevant here. Action tokens are issued by Keycloak and allow
users to perform special actions like password reset. OTOH, your case
is about conditionally executing a part of authentication flow on the
client's request.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
>
>
>
> Thank you in advance,
>
> Nikola
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user