[keycloak-dev] browser refresh again
Bill Burke
bburke at redhat.com
Thu Jan 14 09:17:31 EST 2016
To make this work, we would need a way to plug in a REST service that
could receive input from the mobile device. It would search through
client sessions of the user to see which one was waiting for a mobile
authentication. Then change the state of the client session. The
browser session could poll the client session until a flag was set.
On 1/14/2016 2:53 AM, Stian Thorgersen wrote:
> Do we support async authenticators? I'm thinking about something like:
>
> * User logs in on desktop with username/password
> * As two factor auth we send a notification to a mobile phone app
> * When user clicks ok on the mobile phone app the login on the desktop
> continues
>
> This type of authentication is used by banks in Norway, which is very
> nice as you don't need to manually write a code.
>
>
> On 13 January 2016 at 22:34, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
> I'm changing browse refresh behavior again.
>
> I've removed all the extra redirects, so now, you can end up being on
> the OTP page, but the URL is the one posted to by password page.
> Refresh
> page will repost the password, keycloak will see that the current
> action
> is not the same, and just ask the flow to put the browser in the right
> state. Similarly with required actions.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160114/e9ee7ea8/attachment.html
More information about the keycloak-dev
mailing list