Authentication using mobile notification

Greetings everyone,

I have a unique requirement that I can’t find anywhere on the internet; even ChatGPT gives up…

I want a custom authenticator on my Keycloak that sends a notification to my organization’s mobile app.

That notification will ask for the mobile user’s consent.

Once the mobile user clicks on the “approval” button, Keycloak will automatically log the user in.

If the user clicks on the “Deny” button, it won’t allow the login.

What I have done is:

I am able to create a custom authenticator by implementing the Authenticator and AuthenticationFactory interfaces, as described in the Keycloak documentation.

When I click on my custom authenticator, the authenticator sends a notification to my mobile app.

But the problem here is:

From the mobile app, where should I send the mobile user’s consent back to?

Is there any way to do that?

Currently, what I am doing is:

I have started a timer of 5 seconds that will start when my custom authenticator is clicked.

I have exposed a custom REST endpoint in Keycloak, which takes the user consent and stores it in the hashmap.

I am checking the user consent from the hashmap… if the user consent is “allow” in the map, then I allow the login, otherwise not.

But the timer approach is not good.

I need an alternative and robust approach.

Thank you!
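
The consent hashmap described above can be keyed by a random, single-use challenge id with an expiry and a user binding, so the authenticator checks the status whenever the login page asks instead of relying on a fixed timer. This is an added example, not part of the original post and not Keycloak code; the class `PendingApprovals` and all of its method names are hypothetical, and it assumes the REST endpoint has already authenticated the mobile caller.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
// Added example; every name here is hypothetical, none is Keycloak API.
public class PendingApprovals {
    public enum Status { PENDING, APPROVED, DENIED, EXPIRED, UNKNOWN }
    private record Entry(String userId, Instant expires, Status status) {}
    private final Map<String, Entry> store = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    // Authenticator side: create one challenge per login attempt; the id goes into the push.
    public synchronized String create(String userId, Instant now, long ttlSeconds) {
        byte[] b = new byte[32];
        rng.nextBytes(b);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(b);
        store.put(id, new Entry(userId, now.plusSeconds(ttlSeconds), Status.PENDING));
        return id;
    }

    // REST endpoint side: callerUserId must come from the app's authenticated credential.
    public synchronized boolean answer(String id, String callerUserId, boolean approved, Instant now) {
        Entry e = store.get(id);
        if (e == null || e.status() != Status.PENDING || !e.userId().equals(callerUserId)
                || !now.isBefore(e.expires())) return false; // unknown, replayed, wrong user, late
        store.put(id, new Entry(e.userId(), e.expires(), approved ? Status.APPROVED : Status.DENIED));
        return true;
    }

    // Authenticator side: called whenever the waiting login page checks in.
    public synchronized Status poll(String id, Instant now) {
        Entry e = store.get(id);
        if (e == null) return Status.UNKNOWN;
        if (e.status() == Status.PENDING && now.isBefore(e.expires())) return Status.PENDING;
        store.remove(id); // final answers and expired entries are single use
        return now.isBefore(e.expires()) ? e.status() : Status.EXPIRED;
    }

    public static void main(String[] args) {
        PendingApprovals p = new PendingApprovals();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed clock
        String id = p.create("alice", t0, 60);
        System.out.println(p.poll(id, t0.plusSeconds(3)));
        System.out.println(p.answer(id, "mallory", true, t0.plusSeconds(5)));
        System.out.println(p.answer(id, "alice", true, t0.plusSeconds(8)));
        System.out.println(p.poll(id, t0.plusSeconds(9)));
        System.out.println(p.poll(id, t0.plusSeconds(10)));
    }
}
```

Only `APPROVED` should let the login proceed; `DENIED`, `EXPIRED` and `UNKNOWN` should all fail it.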