[keycloak-dev] Device registration and verification
Stian Thorgersen
stian at redhat.com
Fri Jan 9 02:02:16 EST 2015
Requiring email seems unnecessary and awkward to me. The normal flow I've seen (at least on Android) is that you simply login with your username and password on the device. You can then go into your account later and list devices that are registered.
IMO we need to have a bigger discussion on how mobile and devices which includes the AeroGear guys.
----- Original Message -----
> From: "Pedro Igor Silva" <psilva at redhat.com>
> To: "keycloak dev" <keycloak-dev at lists.jboss.org>
> Sent: Friday, 9 January, 2015 12:09:47 AM
> Subject: [keycloak-dev] Device registration and verification
>
> Hi,
>
> I was wondering if we can support device registration and verification
> during login as follows:
>
> 1) Users can enable/disable behavior in admin console for a specific
> realm.
> 2) After a successful login, KC checks if the user's device is known.
> For instance, Browser and Operating System.
> 3) If not recognized, KC shows a page asking user if he wants to
> enable the device.
> 4) KC sends an email to user with a code.
> 5) When trying to login again, user must provide the code to register
> the new device and get authenticated.
> 6) For now on, users can authenticate without asking for permission if
> using the same device.
>
> Any thoughts ?
>
> Regards.
> Pedro Igor
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list