6:39 p.m.
Hi all,
I am trying to find a way to setup a (optional) TOTP for an specific user
using an endpoint, but I couldn't find anything like that in the
documentation. Is that even possible? is it something that you will include
at some point in your roadmap?
The scenario is a native mobile app using keycloak through endpoints
(registration, login, logout, etc). I know that's not the way you
recommend, but sadly I cannot change that.
TOTP is currently working if I set it up using the account management
console and I'm trying to re use those calls, but they use cookies included
in the requests and that model just doesn't fit on my requirements.
I'd really appreciate a little guidance if it is possible to create an SPI
(I have some already) to do such task.
Thanks in advance,
Regards,
Fab
--
*Fabricio Milone*
Developer
*Shine Consulting *
30/600 Bourke Street
Melbourne VIC 3000
T: 03 8488 9939
M: 04 3200 4006
www.shinetech.com *a* passion for excellence
12:33 a.m.
Do you have login working without OTP? That would be the first step and it
sounds like you may not have that working based on you're looking at
account management console. You should use direct grant api (what OIDC
calls resource owner credential grant). Take a look at
http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-acce...
.
Also, seriously reconsider how you're doing this implementation. For a
better user experience I would strongly recommend using an external user
agent. This is what is recommended by OAuth/OIDC specs as well as by us.
On 27 May 2016 at 01:39, Fabricio Milone <fabricio.milone(a)shinetech.com>
wrote:
Hi all,
I am trying to find a way to setup a (optional) TOTP for an specific user
using an endpoint, but I couldn't find anything like that in the
documentation. Is that even possible? is it something that you will include
at some point in your roadmap?
The scenario is a native mobile app using keycloak through endpoints
(registration, login, logout, etc). I know that's not the way you
recommend, but sadly I cannot change that.
TOTP is currently working if I set it up using the account
management
console and I'm trying to re use those calls, but they use cookies included
in the requests and that model just doesn't fit on my requirements.
I'd really appreciate a little guidance if it is possible to create an SPI
(I have some already) to do such task.
Thanks in advance,
Regards,
Fab
--
*Fabricio Milone*
Developer
*Shine Consulting *
30/600 Bourke Street
Melbourne VIC 3000
T: 03 8488 9939
M: 04 3200 4006
www.shinetech.com *a* passion for excellence
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1:10 a.m.
Hi Stian,
I do have a working direct grants flow. I also have some SPIs to complete
the entire set of functionality that was requested. Sadly, I cannot modify
those requirements and it is not possible to use the browser based login (I
would love to, really!).
What I did today was I created some SPIs under /auth/realms/realm/that
allows me to get the following
- otp image base64 url encoded.
- otp secret and code
another endpoint that using those parameters plus a code from the
authenticator, set up the otp to the specified user and finally an endpoint
to check if otp is enabled and remove it from the account.
I'm testing it right now and seems to be working pretty well.
I think that resolved my issues so far, unless I find something odd in the
next days :)
Thanks,
Regards,
Fab
On 27 May 2016 at 15:33, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Do you have login working without OTP? That would be the first step
and it
sounds like you may not have that working based on you're looking at
account management console. You should use direct grant api (what OIDC
calls resource owner credential grant). Take a look at
http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-acce...
.
Also, seriously reconsider how you're doing this implementation. For a
better user experience I would strongly recommend using an external user
agent. This is what is recommended by OAuth/OIDC specs as well as by us.
On 27 May 2016 at 01:39, Fabricio Milone <fabricio.milone(a)shinetech.com>
wrote:
> Hi all,
>
> I am trying to find a way to setup a (optional) TOTP for an specific user
> using an endpoint, but I couldn't find anything like that in the
> documentation. Is that even possible? is it something that you will include
> at some point in your roadmap?
>
> The scenario is a native mobile app using keycloak through endpoints
> (registration, login, logout, etc). I know that's not the way you
> recommend, but sadly I cannot change that.
>
> TOTP is currently working if I set it up using the account management
> console and I'm trying to re use those calls, but they use cookies included
> in the requests and that model just doesn't fit on my requirements.
>
> I'd really appreciate a little guidance if it is possible to create an
> SPI (I have some already) to do such task.
>
> Thanks in advance,
>
> Regards,
> Fab
>
> --
> *Fabricio Milone*
> Developer
>
> *Shine Consulting *
>
> 30/600 Bourke Street
>
> Melbourne VIC 3000
>
> T: 03 8488 9939
>
> M: 04 3200 4006
>
>
> www.shinetech.com *a* passion for excellence
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
*Fabricio Milone*
Developer
*Shine Consulting *
30/600 Bourke Street
Melbourne VIC 3000
T: 03 8488 9939
M: 04 3200 4006
www.shinetech.com *a* passion for excellence
3148
days inactive
3149
days old
2 comments
2 participants
participants (2)
-
Fabricio Milone -
Stian Thorgersen