[keycloak-user] Login by mobile number.

Anunay Sinha anunay.sinha at arvindinternet.com
Thu Oct 1 03:57:58 EDT 2015

User can register through a mobile number. He will be sent an OTP on his
mobile number (for verification and first time login)
Once verified ​and he logs in for the first time he can set his password.

Similar workflow will be used if he wants to recover his password. He will
get a OTP on his mobile that will allow him to log in and he can reset his
password thereafter.

2 Factor Authentication is not something we are looking at yet, though it
will be good to have

On Thu, Oct 1, 2015 at 1:22 PM, Stian Thorgersen <sthorger at redhat.com>

> Using SMS as a two factor auth mechanism is on the road-map, but not in
> the near future. The idea is basically that the server creates a unique
> code, sends it in SMS, and the user would then copy it back to the login
> screen. Issue with it is that we first need to allow users to select what
> two factor auth mechanism they want to use. They could have a hardware OTP
> token for example, but as they don't have it with them they could use the
> SMS code as a backup. We also have tons of other things ahead of it in the
> queue.
> I'm a bit curious about your use-case. You basically want a user to login
> with mobile number + password, and also use a code sent over SMS as a two
> factor auth? Or do you have something different in mind?
> On 1 October 2015 at 09:45, Anunay Sinha <anunay.sinha at arvindinternet.com>
> wrote:
>> Hi Stian,
>> I have question about login through mobile devices in general,
>> where I would like to login via mobile number, get an OTP on my number
>> and use it to register/login into the system,
>> For the number I can follow your instructions but am looking to provide
>> for OTP as well (I am exploring this). It will be nice to have it out of
>> the box :)
>> Is such a option there in the Keycloak's roadmap ?
>> If so what is the rough timeline?
>> On Thu, Oct 1, 2015 at 1:06 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>> You would need to create a custom authenticator for it. Take a look at
>>> http://keycloak.github.io/docs/userguide/html/auth_spi.html
>>> On 30 September 2015 at 15:34, Revanth Ayalasomayajula <
>>> revanth at arvindinternet.com> wrote:
>>>> Hi all,
>>>> I have an application that is secured by Keycloak. I am able to login
>>>> using username/email and password. I also want to implement login via phone
>>>> number. Could anybody help me how to store the phone number for a user and
>>>> also how to use it to login the user.
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> --
>> - Anunay

- Anunay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151001/8f457d94/attachment.html 

More information about the keycloak-user mailing list