[keycloak-dev] Why do I have to enter the OTP?
Bill Burke
bburke at redhat.com
Tue Jan 13 11:11:09 EST 2015
Why does a user have to enter in the OTP generated by their mobile
device? Wouldn't it be cooler if the steps were:
1. Enter in username and password in the browser
2. Browser blocks and waits for...
3. Press a button on your OTP iPhone app
4. iPhone app sends an HTTP message to Keycloak with username and
generated OTP (in background)
5. Keycloak sees if a browser app is waiting for OTP verification, then
verifies OTP if so.
6. Browser unblocks and lets user in.
Now, the user doesn't ever have to enter the OTP (and mess it up like I
do all the time). They just need their mobile device.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com