[keycloak-dev] User Profile Extension

Stian Thorgersen sthorger at redhat.com
Fri Oct 19 02:26:30 EDT 2018


I'd rather you consider contributing a fully functional feature in Keycloak
itself, rather than extracting most of it into a separate service and only
contributing a part of the feature to the rest of the community.

On Fri, 19 Oct 2018 at 08:21, <marco.scheuermann at daimler.com> wrote:

> Thank you Stian,
>
>
>
> I understand your point. I will create a longer description of our
> requirement and why it has a benefit for the community.
>
> Is that ok for you?
>
>
>
> Thank you,
>
> Marco
>
>
>
> *From: *Stian Thorgersen <sthorger at redhat.com>
> *Reply-To: *"stian at redhat.com" <stian at redhat.com>
> *Date: *Friday, 19 October 2018 at 08:14
> *To: *"Scheuermann, Marco (059)" <marco.scheuermann at daimler.com>
> *Cc: *keycloak-dev <keycloak-dev at lists.jboss.org>, "
> fabian.loewner at freiheit.com" <fabian.loewner at freiheit.com>, "Scollo,
> Carmelo (059)" <carmelo.scollo at daimler.com>, "Herrmann, David Christian
> (059)" <david_christian.herrmann at daimler.com>, "Schmitt, Lukas (059)" <
> lukas.schmitt at daimler.com>
> *Subject: *Re: [keycloak-dev] User Profile Extension
>
>
>
> I understand that you don't need it, but that's past the point. When
> adding new features and capabilities in Keycloak we need to consider the
> bigger picture and add things in a way that has wider use. We do not add
> solutions for one person.
>
>
>
> On Thu, 18 Oct 2018 at 11:51, <marco.scheuermann at daimler.com> wrote:
>
> Hi Stian,
>
>
>
> thank you for your answer.
>
> We already implemented login with phone number. For that we created a
> microservice that communicates with Keycloak. The service does a ROPC with
> Keycloak, so from Keycloak's perspective we DO NOT NEED support for login with
> phone number.
>
> Our only requirement was to extend the existing user profile by phone
> number, NOT to allow login via phone number.
>
>
>
> Greetings,
>
> Marco
>
>
>
> *From: *Stian Thorgersen <sthorger at redhat.com>
> *Reply-To: *"stian at redhat.com" <stian at redhat.com>
> *Date: *Thursday, 18 October 2018 at 11:33
> *To: *"Scheuermann, Marco (059)" <marco.scheuermann at daimler.com>
> *Cc: *keycloak-dev <keycloak-dev at lists.jboss.org>, "
> fabian.loewner at freiheit.com" <fabian.loewner at freiheit.com>, "Scollo,
> Carmelo (059)" <carmelo.scollo at daimler.com>, "Herrmann, David Christian
> (059)" <david_christian.herrmann at daimler.com>, "Schmitt, Lukas (059)" <
> lukas.schmitt at daimler.com>
> *Subject: *Re: [keycloak-dev] User Profile Extension
>
>
>
> Adding support for login with phone number isn't as trivial as simply
> adding another user attribute. The user storage SPI also has implications
> here since it's a supported API we can't break backwards compatibility.
>
>
>
> To do this right we should discuss the correct approach. This would
> involve some configuration option for a realm to allow specifying what
> attributes can be used to authenticate the user. Some strategy for when
> there is more than one user with the same phone number. That could be
> unique, allowing the user to select from users with the phone number, or simply
> returning an error stating username has to be used.
>
>
>
> Then there's indexing to consider. For the phone number to be useful for a
> login it has to be indexed in the db. Caches should be able to look up a user
> based on phone number.
>
>
>
> Finally, and this is something we have problems with for email today. For
> email we had a limitation that email had to be unique. One email per user
> basically. This doesn't really work all that well and we had a rather hacky
> approach to allowing multiple users with the same email address. To extend
> to phone numbers we would need to address this properly and not introduce
> additional problems.
>
>
>
> On Thu, 18 Oct 2018 at 00:01, <marco.scheuermann at daimler.com> wrote:
>
> Hi Keycloak developers,
>
> my name is Marco and I am currently working on a Keycloak-based
> user management solution for our company and have the following requirement:
> We implemented a native One Time Password (OTP) login for our app. That
> means a user can log in using email or mobile number.
> After that he gets a PIN via SMS/email which he can enter into the app to
> trigger the authentication flow.
> During login we check if the user already exists. If not we guide him to a
> registration page. This check is implemented by using Keycloak's admin REST
> API.
> We search for a user by email. It must also be possible to search by phone
> number because this attribute could also be used for login as already
> mentioned.
> We added a custom attribute “mobile” to the user but the REST API does not
> allow searching for custom attributes.
>
> Our Requirement:
> The user should be able to use email OR phone number for login. For that
> it should be possible to enter both attributes while registering a new user.
> Currently Keycloak only offers a custom field for email, but no phone
> number.
> Therefore we want to extend the User Profile by phone number. Would you
> accept such a Pull Request?
>
> Thank you,
> Marco
>
> If you are not the addressee, please inform us immediately that you have
> received this e-mail by mistake, and delete it. We thank you for your
> support.
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
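
The design points raised in the 18 October reply quoted above (a realm setting for which attributes may authenticate a user, a strategy for several users sharing one phone number, and an index so lookups do not scan all users), modelled as an added example that is not part of the thread and is not Keycloak code. The `Realm` class, the policy names and the `mobile` normalization are assumptions made for illustration.

```python
import re
from collections import defaultdict
from enum import Enum

class DuplicatePolicy(Enum):
    UNIQUE = 1            # refuse a second user with the same attribute value
    SELECT = 2            # return all matches so the user can pick an account
    REQUIRE_USERNAME = 3  # fail and state that the username has to be used

class AmbiguousIdentifier(Exception):
    """Several accounts match the identifier."""

def normalize(attr, value):
    value = value.strip()
    if attr == "mobile":                 # "+49 (170) 555-0100" -> "+491705550100"
        return re.sub(r"[\s\-()]", "", value)
    return value.lower()

class Realm:  # hypothetical model, not a Keycloak class
    def __init__(self, login_attributes, policy):
        self.login_attributes, self.policy = tuple(login_attributes), policy
        self.users = {}                  # username -> attributes
        self.index = {a: defaultdict(set) for a in self.login_attributes}  # value -> usernames

    def add_user(self, username, **attrs):
        if username in self.users:
            raise ValueError("username already in use")
        keys = [(a, normalize(a, v)) for a, v in attrs.items() if a in self.index and v.strip()]
        if self.policy is DuplicatePolicy.UNIQUE and any(self.index[a].get(k) for a, k in keys):
            raise ValueError("login attribute value already in use")
        self.users[username] = attrs
        for a, k in keys:
            self.index[a][k].add(username)

    def resolve(self, identifier):       # usernames the login identifier may refer to
        if identifier in self.users:
            return [identifier]
        matches = set()
        for a in self.login_attributes:
            matches |= self.index[a].get(normalize(a, identifier), set())
        if len(matches) > 1 and self.policy is DuplicatePolicy.REQUIRE_USERNAME:
            raise AmbiguousIdentifier("several accounts match; use the username")
        return sorted(matches)

def demo():  # constructed sample data: two accounts sharing one phone number
    realm = Realm(["email", "mobile"], DuplicatePolicy.SELECT)
    realm.add_user("alice", email="alice@example.com", mobile="+49 170 555 0100")
    realm.add_user("bob", email="bob@example.com", mobile="+49 (170) 555-0100")
    return realm.resolve("+491705550100")
```

Under `SELECT` the caller still has to authenticate the chosen account; under `REQUIRE_USERNAME` the error reveals that more than one account shares the value, which matters where account enumeration is a concern.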

