[keycloak-dev] Why do I have to enter the OTP?

Bill Burke bburke at redhat.com
Tue Jan 13 11:20:32 EST 2015



On 1/13/2015 11:19 AM, Summers Pittman wrote:
> On 01/13/2015 11:11 AM, Bill Burke wrote:
>> Why does a user have to enter in the OTP generated by their mobile
>> device?  Wouldn't it be cooler if the steps were:
>>
>> 1. Enter in username password in the browser
>> 2. Browser blocks and wait for...
>> 3. Press a button on your OTP iphone app
>> 4. iphone app sends an HTTP message to Keycloak with username and
>> generated OTP (in background)
>> 5. Keycloak sees if a browser app is waiting for OTP verification, then
>> verifies OTP if so.
>> 6. Browser unblocks and lets user in.
>>
>> Now, the user doesn't ever have to enter the OTP (and mess it up like I
>> do all the time).  They just need their mobile device.
>>
>>
>>
> Even better, in Android this can be done from an interactive
> notification.  You won't even need to open the app.
>

Probably the same in iOS, no?

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list