[keycloak-dev] OTP API
Thomas Darimont
thomas.darimont at googlemail.com
Thu Nov 10 07:52:41 EST 2016
Hello Rohith,
not that I know of - we'd also like to have this functionality.
What would be the best place to add that? Perhaps this could be added to
the UsersResource with a new
endpoint like "/users/{userId}/otp-validation" or a (new) dedicated
resource.
A client could then do a POST to that endpoint with the current user's
access token and the entered OTP code.
Keycloak could then lookup and check the provided otp code.
If the code is corret, response could indicate that via status HTTP 200 or
HTTP 400 otherwise.
Cheers,
Thomas
2016-11-10 12:11 GMT+01:00 gambol <gambol99 at gmail.com>:
> Hiya
>
> Does the latest version of Keycloak provide any means of verifying a user's
> TOTP?. Our use-case at the moment, we have an application which once the
> user is authenticated we issue a token of sorts ... however, we wish to
> provide a popup that requests a user's TOPT every few hours which we
> "could" verify via service account ... I can't see any access at the moment
> via the rest api
>
> Rohith
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list