[keycloak-dev] Async authentication example

Pedro Igor Silva psilva at redhat.com
Tue Jul 11 13:10:49 EDT 2017


Really nice!

On Tue, Jul 11, 2017 at 9:29 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> I gave it a go and implemented an "async" authentication example. It's
> rather simple; what happens is:
>
> * User authenticates with username only
> * Then a "waiting" page is displayed, which is waiting for some external
> callback. This could be an app or whatever that verifies the user then
> sends the callback. In the example a CURL command is printed on sysout for
> the server which you can run to "simulate" the callback from the app.
> * Once the callback is received the user is authenticated without filling
> in password or any other credentials in the main browser
>

Maybe you can use a SET [1], which is basically a JWT, in order to
communicate authentication events between parties. For instance, send
additional data to the external callback about the authentication context
and receive back from the external callback information on how to proceed
with the authentication.

[1] https://tools.ietf.org/html/draft-hunt-idevent-token-03


>
> https://github.com/stianst/authenticator-example
>
> Check it out here:
> https://youtu.be/C09BpNIf4v8
>
> It's a bit hacky in the way it's implemented:
>
> * Using notes for "callback" is a bit strange maybe?
> * Had to use custom realm resource for callback endpoint. Is this strange?
> * Probably won't work for cross DC, but in 7.2 Hynek has stuff that does
> that
> * No way to push change to browser, so have to pull every 2 seconds. Maybe
> we could add a simple authentication event feature that uses websockets and
> a small auth js lib to do the job of notification?
>
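
The SET idea from the reply above, as an added example that is not code from this thread or from Keycloak: the server and the external app exchange signed SET-style JWTs, and the server accepts a decision only if it is bound to the waiting login attempt and has not been seen before. The shared HMAC key, HS256, the party names, the event URI, the function names and the claim layout (the `events` object and `txn` claim as in the later RFC 8417) are assumptions.

```python
import base64, hashlib, hmac, json, time, uuid

# Assumptions for this example: shared HMAC key, party names and the event URI.
KEY = b"constructed-demo-key"
EVENT = "urn:example:async-auth"  # hypothetical event type

def _b64(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(txt): return base64.urlsafe_b64decode(txt + "=" * (-len(txt) % 4))
def _mac(head, body):
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_set(iss, aud, txn, payload, now=None, ttl=120):
    """Sign a SET-style JWT (HS256) that ties one event to one login attempt."""
    now = int(time.time()) if now is None else now
    claims = {"iss": iss, "aud": aud, "iat": now, "exp": now + ttl,
              "jti": uuid.uuid4().hex, "txn": txn, "events": {EVENT: payload}}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(head, body))}"

def verify_set(token, iss, aud, txn, seen_jti, now=None):
    """Return the event payload; raise ValueError when any check fails."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_unb64(head)), json.loads(_unb64(body)), _unb64(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm, ignore the sender's choice
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_mac(head, body), given):
        raise ValueError("bad signature")
    if (claims.get("iss"), claims.get("aud")) != (iss, aud):
        raise ValueError("wrong issuer or audience")  # also stops reflection
    if not claims.get("iat", now + 1) <= now < claims.get("exp", 0):
        raise ValueError("outside validity window")
    if claims.get("txn") != txn:  # decision belongs to another login attempt
        raise ValueError("txn mismatch")
    jti, events = claims.get("jti"), claims.get("events")
    if not jti or jti in seen_jti:  # a callback is accepted once only
        raise ValueError("replay")
    if not isinstance(events, dict) or EVENT not in events:
        raise ValueError("missing event")
    seen_jti.add(jti)
    return events[EVENT]
```

In a clustered deployment the `seen_jti` set would have to live in storage shared by all nodes, which is the same cross-DC concern raised in the quoted message.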

