Moving this discussion to keycloak-user.
The functionality you are trying to build is also known as "magic-link",
e.g. as used by services like Slack.
There is an open feature request for that in JIRA:
Note that while this is very convenient to use, it can be exploited quite
badly, as mentioned in the JIRA issue.
Cheers,
Thomas
2018-01-23 16:46 GMT+01:00 Felix Peters <peters(a)develop4edu.de>:
Thanks for your quick response.
I am trying to implement a prototype of a password-free authenticator like
the one mentioned in this thread:
http://lists.jboss.org/pipermail/keycloak-user/2015-October/003387.html
My current approach is to create a token on a REST endpoint and validate
this token in a custom authenticator.
It's just a POV, but I think an ActionToken can do the job.
I was googling around for an existing solution for password-free login
with Keycloak, but could not find anything like that.
Greetings,
Felix
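Added example, not part of the original thread and not Keycloak code: a plain-JDK sketch of the token half of the approach described above (issue a token on one endpoint, validate it in an authenticator), with the properties a login link needs: CSPRNG output, short expiry, single use, and only a hash kept server-side. The class name `MagicLinkTokens`, the in-memory map and the sample user id are assumptions for illustration; it needs Java 16+ for `record`, and a real deployment would use a shared store and purge expired entries.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper (not a Keycloak class): single-use, expiring login-link tokens. */
public class MagicLinkTokens {
    private record Pending(String userId, Instant expiresAt) {}

    private static final SecureRandom RNG = new SecureRandom();
    // Only the SHA-256 of each token is stored, so a leaked store cannot be replayed as links.
    private final Map<String, Pending> pending = new ConcurrentHashMap<>();

    /** Returns the token to embed in the e-mailed link. */
    public String issue(String userId, Duration ttl) {
        byte[] raw = new byte[32];                     // 256 bits from the CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(sha256(token), new Pending(userId, Instant.now().plus(ttl)));
        return token;
    }

    /** Returns the user id once; replayed, expired or unknown tokens yield empty. */
    public Optional<String> redeem(String token) {
        Pending p = pending.remove(sha256(token));     // atomic remove enforces single use
        if (p == null || Instant.now().isAfter(p.expiresAt())) return Optional.empty();
        return Optional.of(p.userId());
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);        // SHA-256 is required on every JVM
        }
    }

    public static void main(String[] args) {
        MagicLinkTokens tokens = new MagicLinkTokens();
        String t = tokens.issue("constructed-user-id", Duration.ofMinutes(5)); // constructed sample
        System.out.println(tokens.redeem(t).isPresent());  // first redemption
        System.out.println(tokens.redeem(t).isPresent());  // same token presented again
    }
}
```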
*From:* Thomas Darimont [mailto:thomas.darimont@googlemail.com]
*Sent:* Tuesday, 23 January 2018 15:48
*To:* Felix Peters <peters(a)develop4edu.de>
*Cc:* keycloak-dev(a)lists.jboss.org
*Subject:* Re: [keycloak-dev] WG: How to generate a token string in a
custom keycloak extension?
Hello Felix,
What's your use case?
Keycloak provides action tokens that permit their bearer to perform some
actions, e.g. to reset a password or validate an e-mail address.
Perhaps you could have a look at the action tokens SPI:
http://www.keycloak.org/docs/3.3/server_development/topics/action-token-spi.html
Keycloak's OIDC tokens (AccessToken, RefreshToken, IDToken) are generated
within org.keycloak.protocol.oidc.TokenManager and exposed
via the org.keycloak.protocol.oidc.endpoints.TokenEndpoint. Tokens can be
verified via the org.keycloak.RSATokenVerifier.
Cheers,
Thomas
2018-01-23 15:29 GMT+01:00 Felix Peters <peters(a)develop4edu.de>:
Hi,
I'm pretty new to Keycloak development and at the moment I'm trying to
develop some demo extensions to learn how SPIs and stuff like that work in
Keycloak.
My question is:
Is there a util or helper class which I can use to generate a secure
token string in my extension code (pretty much the same as an OAuth access
or refresh token)?
I was not able to find something in the Keycloak code, but maybe there is
something like that.
Thank you in advance,
Felix Peters
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev