I have a unique requirement that I couldn't find a solution for, either through extensive internet searches or in the Keycloak documentation. I'm seeking guidance from the community to implement this.

Requirement

Our organization wants to enable passwordless authentication via our mobile app, similar to WebAuthn but specifically tailored to our mobile app.

The flow should be as follows:

  1. The user enters their username.

  2. They are redirected to the password page.

  3. The user clicks on "Try another way."

  4. They see a custom authenticator option: Login via Mobile App.

  5. On selecting this option, the user receives a notification on their mobile app.

  6. The user provides consent by either approving or disapproving the login via the app.

  7. If approved, Keycloak proceeds with the login.

  8. If disapproved, the flow restarts.

My Progress So Far

I have created a custom authenticator responsible for sending notifications to the mobile app.

I also created a custom realm resource to accept the user's response from the app.

The Problem

I cannot figure out how to send the user's approval/disapproval back to Keycloak.

Specifically, I'm unsure about the endpoint to respond to in Keycloak to interrupt and control the authentication process based on the mobile app's response.

My custom realm resource can accept the user's response but doesn't integrate seamlessly with Keycloak's authentication flow to allow or disallow login.

Request for Help

As a beginner in this domain, I'm struggling to understand how to integrate the mobile app's response into Keycloak's authentication process.

How can I configure Keycloak to interrupt the authentication flow based on the user's response from the custom realm resource?

Are there any specific endpoints or strategies in Keycloak that I can leverage for this purpose?

Any help or guidance on this would be greatly appreciated! Thank you in advance!

Research and References

A similar question was asked on the Keycloak forum, but it remains unanswered:

/t/custom-authentication-for-authentcating-user-without-forms-custom-auth-flow/23295

I followed this article to create my custom authenticator:

Keycloak adding new authenticator
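
One way to carry the app's decision back to the waiting login, added here as an example that is not part of the original post and is not Keycloak code: a plain-JDK model of the state that the custom authenticator and the custom realm resource would share. `ApprovalStore`, its method names, the 90-second window and the in-memory map (a stand-in for storage shared across Keycloak nodes) are assumptions.

```java
import java.security.SecureRandom;
import java.time.*;
import java.util.*;
// Hypothetical store shared by the custom authenticator and the custom realm resource.
public class ApprovalStore {
    public enum State { PENDING, APPROVED, DENIED, EXPIRED, UNKNOWN }
    private record Challenge(String authSessionId, String userId, Instant expires, State state) {}
    private static final Duration TTL = Duration.ofSeconds(90); // assumed approval window
    private final Map<String, Challenge> challenges = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    // Authenticator, when "Login via Mobile App" is chosen: the returned id goes into the push.
    public synchronized String create(String authSessionId, String userId) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        challenges.put(id, new Challenge(authSessionId, userId, Instant.now().plus(TTL), State.PENDING));
        return id;
    }

    // Realm resource: appUserId must come from the app's verified credential, not the request body.
    public synchronized boolean decide(String id, String appUserId, boolean approved) {
        Challenge c = challenges.get(id);
        if (c == null || c.state() != State.PENDING || !c.userId().equals(appUserId)
                || !Instant.now().isBefore(c.expires())) return false;
        challenges.put(id, new Challenge(c.authSessionId(), c.userId(), c.expires(),
                approved ? State.APPROVED : State.DENIED));
        return true;
    }

    // Authenticator, each time the waiting page posts back: answers only the login that asked.
    public synchronized State poll(String id, String authSessionId) {
        Challenge c = challenges.get(id);
        if (c == null || !c.authSessionId().equals(authSessionId)) return State.UNKNOWN;
        if (!Instant.now().isBefore(c.expires())) { challenges.remove(id); return State.EXPIRED; }
        if (c.state() == State.PENDING) return State.PENDING;
        return challenges.remove(id).state(); // a final decision is consumed exactly once
    }

    public static void main(String[] args) { // constructed sample values
        ApprovalStore store = new ApprovalStore();
        String id = store.create("auth-session-1", "alice");
        System.out.println(store.decide(id, "mallory", true)); // another user's app
        System.out.println(store.decide(id, "alice", true));   // the account owner's app
        System.out.println(store.poll(id, "auth-session-2"));  // a different browser login
        System.out.println(store.poll(id, "auth-session-1"));  // the login that asked
        System.out.println(store.poll(id, "auth-session-1"));  // replay of a consumed decision
    }
}
```

In a Keycloak authenticator, `create` would be called from `authenticate()` and `poll` from `action()`, with `context.success()` reached only on `APPROVED`.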
