[keycloak-dev] Open Authenticator in Mobile App

Bohnen, Theodore theodore.bohnen at rmb.co.za
Thu Sep 14 05:05:25 EDT 2017


Hi all


Feature request:


Currently when you use the otp feature, on signup it shows the qr code (derived from a uri generated based on https://github.com/google/google-authenticator/wiki/Key-Uri-Format), and it shows the encoded private key that you can copy and paste to google authenticator.


The issue we've experienced is that keycloak allows you to choose your otp algorithm, i.e. SHA256, whilst google authenticator uses SHA1. When you scan the qr code it works well, given it adds the algorithm to the uri, and it gets added to google authenticator correctly. The problem is that if you are accessing this via a mobile phone, you cannot scan the qr code and you have to copy the code to google authenticator, which is clunky and doesn't work for certain scenarios. When you do this, you have no way (that I can see) to set which algorithm to use in google authenticator, it just assumes SHA1 and if the algorithm in keycloak is set to any other algorithm, it is added to google authenticator but keycloak says code is invalid. Regardless of the algorithm issue, this is also not a great user experience for a mobile user.


The proposed solution is to check if the browser is running on a mobile device, and if so, have an html button that opens the same link that is embedded in the qr code.


I'm happy to do a PR for this.


Looking forward to your feedback.


Theo
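The mismatch described in the message can be reproduced offline. The following is an added example, not part of the original post and not Keycloak code: it builds a Key Uri Format link carrying `algorithm=SHA256`, then compares the RFC 6238 code an app derives from the full link with the code derived from a pasted secret under SHA1 defaults. The function names, account, issuer and secret are constructed for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlencode, quote, urlparse, parse_qs

def build_otpauth_uri(secret_b32, account, issuer, algorithm="SHA1", digits=6, period=30):
    """Key Uri Format link, the same string the QR code encodes."""
    label = quote(f"{issuer}:{account}", safe=":")
    query = urlencode({"secret": secret_b32, "issuer": issuer,
                       "algorithm": algorithm, "digits": digits, "period": period})
    return f"otpauth://totp/{label}?{query}"

def totp(secret_b32, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 TOTP for a base32 secret at a given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(key, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_from_uri(uri, unix_time):
    """Code computed by an app that opened the link and honours its parameters."""
    q = parse_qs(urlparse(uri).query)
    return totp(q["secret"][0], unix_time,
                q.get("algorithm", ["SHA1"])[0],
                int(q.get("digits", ["6"])[0]),
                int(q.get("period", ["30"])[0]))

def code_from_manual_entry(secret_b32, unix_time):
    """Code computed when only the secret is pasted: SHA1, 6 digits, 30 s."""
    return totp(secret_b32, unix_time)

# Constructed sample values (the secret is the RFC 6238 test seed, base32-encoded).
SECRET = base64.b32encode(b"12345678901234567890").decode()
URI = build_otpauth_uri(SECRET, "alice@example.com", "Example", algorithm="SHA256")
TIMES = [59, 1111111109, 1234567890]

def compare(times=TIMES):
    """(time, code via link, code via pasted secret) for each sample time."""
    return [(t, code_from_uri(URI, t), code_from_manual_entry(SECRET, t)) for t in times]

if __name__ == "__main__":
    print(URI)
    for t, via_link, via_paste in compare():
        print(t, "link:", via_link, "paste:", via_paste, "match:", via_link == via_paste)
```

A server configured for SHA256 validates against the "link" column, so codes from the "paste" column are rejected even though the secret is identical.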
