[keycloak-user] [keycloak-dev] WG: How to generate a token string in a custom keycloak extension?

Thomas Darimont thomas.darimont at googlemail.com
Tue Jan 23 11:07:33 EST 2018 

Moving this discussion to keycloak-user.

The functionality you are trying to build is also known as "magic-link",
e.g. as used by services like slack.
There is an open feature request for that in JIRA:
https://issues.jboss.org/browse/KEYCLOAK-1942

Note that while this is very convenient to use it can be exploited quite
badly, as mentioned in the JIRA issue.

Cheers,
Thomas

2018-01-23 16:46 GMT+01:00 Felix Peters <peters at develop4edu.de>:

> Thanks for your quick response.
>
>
>
> I try to implement a prototype of a password-free authenticator like it
> was mentioned in this thread: http://lists.jboss.org/
> pipermail/keycloak-user/2015-October/003387.html
>
>
>
> My current approach is to create a token on a rest endpoint and validate
> this token in an custom authenticator.
>
> It’s just a POV, but I think a ActionToken can do the job.
>
>
>
> I was googleing around for an existing solution for password-free login
> with Keycloak, but could not found something like that.
>
>
>
> Greeting,
> Felix
>
>
>
> *Von:* Thomas Darimont [mailto:thomas.darimont at googlemail.com]
> *Gesendet:* Dienstag, 23. Januar 2018 15:48
> *An:* Felix Peters <peters at develop4edu.de>
> *Cc:* keycloak-dev at lists.jboss.org
> *Betreff:* Re: [keycloak-dev] WG: How to generate a token string in a
> custom keycloak extension?
>
>
>
> Hello Felix,
>
>
>
> What's your use case?
>
>
>
> Keycloak provides action tokens that permits its bearer to perform some
> actions, e. g. to reset a password or validate e-mail address.
>
>
>
> Perhaps you could have a look at the action tokens SPI:
>
> http://www.keycloak.org/docs/3.3/server_development/topics/
> action-token-spi.html
>
>
>
> Keycloaks OIDC Tokens (AccessToken, RefreshToken, IDToken) are generated
> within org.keycloak.protocol.oidc.TokenManager and exposed
>
> via the org.keycloak.protocol.oidc.endpoints.TokenEndpoint. Tokens can be
> verified via the org.keycloak.RSATokenVerifier.
>
>
>
> Cheers,
>
> Thomas
>
>
>
> 2018-01-23 15:29 GMT+01:00 Felix Peters <peters at develop4edu.de>:
>
> Hi,
>
> I'm pretty new to Keycloak development and at the moment I'm trying to
> develop some demo extensions to learn how SPI's an stuff like that work in
> Keycloak.
>
> My Question is:
> Is there a util- or helper-class which I can use to generate an secure
> token string in my extension code (pretty much the same as an oauth access
> or refresh token)?
> I was not able to find something In the Keycloak code, but maybe there is
> something like that.
> Thank you in advance,
> Felix Peters
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>

More information about the keycloak-user mailing list