[keycloak-dev] Why do I have to enter the OTP?

Christos Vasilakis cvasilak at gmail.com
Tue Jan 13 14:21:52 EST 2015


On Tue, Jan 13, 2015 at 6:20 PM, Bill Burke <bburke at redhat.com> wrote:

>
>
> On 1/13/2015 11:19 AM, Summers Pittman wrote:
> > On 01/13/2015 11:11 AM, Bill Burke wrote:
> >> Why does a user have to enter in the OTP generated by their mobile
> >> device?  Wouldn't it be cooler if the steps were:
> >>
> >> 1. Enter in username password in the browser
> >> 2. Browser blocks and wait for...
> >> 3. Press a button on your OTP iphone app
> >> 4. iphone app sends an HTTP message to Keycloak with username and
> >> generated OTP (in background)
> >> 5. Keycloak sees if a browser app is waiting for OTP verification, then
> >> verifies OTP if so.
> >> 6. Browser unblocks and lets user in.
> >>
> >> Now, the user doesn't ever have to enter the OTP (and mess it up like I
> >> do all the time).  They just need their mobile device.
> >>
> >>
> >>
> > Even better, in Android this can be done from an interactive
> > notification.  You won't even need to open the app.
> >
>
> Probably the same in iOS, no?
>

the same 'interactive notification' concept exist in iOS too, that is
without launching the app in the foreground, instead allowing the user to
click 'Accept/Send OTP" in the notification directly and let the system
call your app in the 'background' to process the request.

-
Christos




>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150113/0af921ef/attachment.html 


More information about the keycloak-dev mailing list