[keycloak-user] Login by mobile number.

Travis De Silva traviskds at gmail.com
Thu Oct 1 04:06:16 EDT 2015


+1 for this feature.

This use case is getting quite popular these days. Apart from the banks
that follow this procedure, you also get companies like Google that do this
as an extra step to prevent someone who has stolen your username/password
from using it to access your content.

I would like to suggest a few additional features around this requirement
for it to be more valuable.

1. Option in Keycloak to set if the SMS should be sent for all login
attempts or only when logging in from a new device, like what you get with
Google.

2. A set of actions that could trigger the SMS - For example let's say I
have a banking web app and if the user logs in and does a funds transfer
above a certain limit, I should be able to from my app trigger an SMS auth.
Not sure if this is part of OAuth2 or OIDC but I have encountered quite a
few applications following this flow to prevent identity theft.



On Thu, 1 Oct 2015 at 17:52 Stian Thorgersen <sthorger at redhat.com> wrote:

> Using SMS as a two factor auth mechanism is on the road-map, but not in
> the near future. The idea is basically that the server creates a unique
> code, sends it in SMS, and the user would then copy it back to the login
> screen. Issue with it is that we first need to allow users to select what
> two factor auth mechanism they want to use. They could have a hardware OTP
> token for example, but as they don't have it with them they could use the
> SMS code as a backup. We also have tons of other things ahead of it in the
> queue.
>
> I'm a bit curious about your use-case. You basically want a user to login
> with mobile number + password, and also use a code sent over SMS as a two
> factor auth? Or do you have something different in mind?
>
> On 1 October 2015 at 09:45, Anunay Sinha <anunay.sinha at arvindinternet.com>
> wrote:
>
>> Hi Stian,
>> I have a question about login through mobile devices in general,
>> where I would like to login via mobile number, get an OTP on my number
>> and use it to register/login into the system.
>>
>> For the number I can follow your instructions but am looking to provide
>> for OTP as well (I am exploring this). It will be nice to have it out of
>> the box :)
>>
>> Is such an option there in Keycloak's roadmap?
>> If so what is the rough timeline?
>>
>> On Thu, Oct 1, 2015 at 1:06 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> You would need to create a custom authenticator for it. Take a look at
>>> http://keycloak.github.io/docs/userguide/html/auth_spi.html
>>>
>>> On 30 September 2015 at 15:34, Revanth Ayalasomayajula <
>>> revanth at arvindinternet.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have an application that is secured by Keycloak. I am able to login
>>>> using username/email and password. I also want to implement login via phone
>>>> number. Could anybody help me how to store the phone number for a user and
>>>> also how to use it to login the user.
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>
>>
>>
>> --
>> - Anunay
>>
>


More information about the keycloak-user mailing list
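
The flow described in the thread (the server creates a one-time code, sends it by SMS, and the user types it back), combined with the trigger options suggested in the top message, sketched in Python as an added example; it is not Keycloak code and not part of the original thread. `needs_sms`, `SmsChallenges`, the `send_sms` callback, the TTL, the attempt limit and the transfer limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300       # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3     # wrong guesses allowed before the code is burned (assumed)

def needs_sms(policy, device_id, known_devices, transfer_amount=0, transfer_limit=1000):
    """Decide whether to demand an SMS code: on every login, only on a new
    device, or for an in-app action (a transfer) above a limit."""
    if policy == "always":
        return True
    if transfer_amount > transfer_limit:
        return True
    return device_id not in known_devices

class SmsChallenges:
    def __init__(self, send_sms, clock=time.time):
        self._send, self._clock, self._pending = send_sms, clock, {}

    def _digest(self, salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user_id, phone):
        code = f"{secrets.randbelow(10**6):06d}"    # 6 digits from the CSPRNG
        salt = secrets.token_bytes(16)
        # Keep a salted digest, not the code. The 6-digit space is small, so
        # the expiry and attempt limit are what actually bound guessing.
        self._pending[user_id] = [salt, self._digest(salt, code),
                                  self._clock() + CODE_TTL, MAX_ATTEMPTS]
        self._send(phone, f"Your login code is {code}")

    def verify(self, user_id, submitted):
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        salt, digest, expires, attempts = entry
        if self._clock() > expires or attempts <= 0:
            del self._pending[user_id]              # expired or guessed out
            return False
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[user_id]              # single use
            return True
        entry[3] -= 1                               # count the failed guess
        return False
```

Issuing a new code for a user replaces any pending one, so only the most recent SMS is ever accepted.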