[keycloak-dev] Async authentication example

Bill Burke bburke at redhat.com
Tue Jul 11 11:05:00 EDT 2017


Awesome!   Comments inline


On 7/11/17 8:29 AM, Stian Thorgersen wrote:
> I gave it a go and implemented an "async" authentication example. It's
> rather simple what happens is:
>
> * User authenticates with username only
> * Then a "waiting" page is displayed, which is waiting for some external
> callback. This could be an app or whatever that verifies the user then
> sends the callback. In the example a CURL command is printed on sysout for
> the server which you can run to "simulate" the callback from the app.
> * Once the callback is received the user is authenticated without filling
> in password or any other credentials in the main browser
>
> https://github.com/stianst/authenticator-example
>
> Check it out here:
> https://youtu.be/C09BpNIf4v8
>
> It's a bit hacky in the way it's implemented:
>
> * Using notes for "callback" is a bit strange maybe?
Why?

> * Had to use custom realm resource for callback endpoint. Is this strange?
> * Probably won't work for cross DC, but in 7.2 Hynek has stuff that does
> that
So, in 7.2 it will work for cross-DC?

> * No way to push change to browser, so have to pull every 2 seconds. Maybe
> we could add a simple authentication event feature that uses websockets and
> a small auth js lib to do the job of notification?
You'd have to have a cross-DC notification bus for something like this 
as only one node in the cluster would have the websocket open. If you 
had Javascript that did the polling, the user wouldn't even see it.

Bill


> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



More information about the keycloak-dev mailing list