Add Email OTP two-factor authentication via Required Action#89
Open
ckyvra wants to merge 2 commits intomesutpiskin:mainfrom
Open
Add Email OTP two-factor authentication via Required Action#89ckyvra wants to merge 2 commits intomesutpiskin:mainfrom
ckyvra wants to merge 2 commits intomesutpiskin:mainfrom
Conversation
Inspired by the keycloak-mfa-plugins project, this commit introduces a new Required Action that enables Email OTP authentication through a dedicated credential provider. Key changes: - Added a new "Email OTP" Required Action to validate and store the user's email in a credential attribute (similar to how SMS OTP works). - The email authentication option now appears in the Account Console under Security > Sign-in > Two-factor authentication. - Reused and adapted relevant code from keycloak-mfa-plugins/sms-authenticator. - Added a configuration flag to enforce mandatory 2FA. - Updated README.md with the complete workflow and deployment steps. - Added documentation note: the "Email OTP" action must be registered in Authentication > Required Actions (and enabled by default if desired). This brings feature parity between SMS and Email OTP while keeping the same user experience and credential storage model.
Owner
|
Hi @ckyvra Thanks a lot for your contribution — great work, much appreciated 👍 I should mention that I’ve done a significant refactoring in the project recently. During that time I couldn’t push regular updates, sorry about that. Because of this, trying to merge your changes now results in quite a lot of conflicts. Would you mind updating your changes according to the current structure and sending them again? That would make the merge process much smoother. Thanks again for the effort and contribution 🙏 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Inspired by the keycloak-mfa-plugins project, this commit introduces a new Required Action that enables Email OTP authentication through a dedicated credential provider.
Key changes:
This brings feature parity between SMS and Email OTP while keeping the same user experience and credential storage model.