Greetings everyone,
I've got a unique requirement that I can’t find anywhere on the whole internet; even ChatGPT gives up…
I want a custom authenticator on my Keycloak that sends a notification to my organization’s mobile app.
That notification will ask for the mobile user’s consent.
Once the mobile user clicks on the “Approval” button, Keycloak will automatically log in.
If the user clicks on the “Deny” button, it won’t allow the login.
What I have done is:
I am able to create a custom authenticator by implementing the Authenticator and AuthenticationFactory interfaces, as described in the Keycloak documentation.
When I click on my custom authenticator, the authenticator sends a notification to my mobile app.
But the problem here is:
From the mobile app, where should I send the mobile user’s consent back?
Is there any way to do that?
Currently what I am doing is:
I have a timer of 5 seconds that starts when my custom authenticator is clicked.
I have exposed a custom REST endpoint in Keycloak, which takes the user consent and stores it in the hashmap.
I am checking the user consent from the hashmap… if the user consent is “allow” in the map, then I will allow the login, otherwise not.
But the timer approach is not good.
I need an alternative and robust approach.
Thank you!
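
The consent map described in the post, sketched with each entry bound to one login attempt, an expiry and single use; this is an added example, not code from the original post or from Keycloak. The class and method names are hypothetical, it uses no Keycloak API, and it assumes Java 16+ (records) and that the REST endpoint has already authenticated the mobile user.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper, not a Keycloak class: the consent map keyed by login attempt, not by user.
public class PendingApprovals {
    public enum Decision { PENDING, APPROVED, DENIED, EXPIRED }
    private record Entry(String userId, Instant expiresAt, Decision decision) {}

    private final Map<String, Entry> entries = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration ttl;

    public PendingApprovals(Duration ttl) { this.ttl = ttl; }

    // Called by the authenticator before sending the push; the id travels in the notification.
    public String create(String userId) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        entries.put(id, new Entry(userId, Instant.now().plus(ttl), Decision.PENDING));
        return id;
    }

    // Called by the REST endpoint once it has authenticated the mobile user.
    // Accepts only the first decision, from the user the attempt belongs to, before expiry.
    public boolean decide(String id, String authenticatedUserId, boolean approved) {
        boolean[] accepted = {false};
        entries.computeIfPresent(id, (k, e) -> {
            if (e.decision() != Decision.PENDING || !e.userId().equals(authenticatedUserId)
                    || Instant.now().isAfter(e.expiresAt())) return e;
            accepted[0] = true;
            return new Entry(e.userId(), e.expiresAt(), approved ? Decision.APPROVED : Decision.DENIED);
        });
        return accepted[0];
    }

    // Called by the authenticator; a final or expired entry is removed so it is used at most once.
    public Decision poll(String id) {
        Entry e = entries.get(id);
        if (e == null) return Decision.EXPIRED;
        boolean live = Instant.now().isBefore(e.expiresAt());
        if (live && e.decision() == Decision.PENDING) return Decision.PENDING;
        return entries.remove(id, e) && live ? e.decision() : Decision.EXPIRED;
    }
}
```

An unknown, expired or already consumed id reads as `EXPIRED`, so the authenticator only lets the login proceed on an explicit `APPROVED`.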