[keycloak-dev] Why do I have to enter the OTP?
Summers Pittman
supittma at redhat.com
Tue Jan 13 11:19:38 EST 2015
On 01/13/2015 11:11 AM, Bill Burke wrote:
> Why does a user have to enter in the OTP generated by their mobile
> device? Wouldn't it be cooler if the steps were:
>
> 1. Enter in username password in the browser
> 2. Browser blocks and wait for...
> 3. Press a button on your OTP iphone app
> 4. iphone app sends an HTTP message to Keycloak with username and
> generated OTP (in background)
> 5. Keycloak sees if a browser app is waiting for OTP verification, then
> verifies OTP if so.
> 6. Browser unblocks and lets user in.
>
> Now, the user doesn't ever have to enter the OTP (and mess it up like I
> do all the time). They just need their mobile device.
>
>
>
Even better, in Android this can be done from an interactive
notification. You won't even need to open the app.
--
Summers Pittman
>>Phone:404 941 4698
>>Java is my crack.
More information about the keycloak-dev
mailing list