Can I use SMS OTP Authentication in Keycloak?

Team,

We are using Keycloak 11.0.2 for common auth in a microservice architecture. One of our client requirements is that the app needs to log in using a user ID and SMS OTP (Twilio provider). Is there any plugin available to cover this option in Keycloak?

Could you please share with me a valid working plugin, documentation or any samples which are already developed for this requirement? (any relevant documentation)

We are using Java 11.

Hi,

I have an example here, using AWS SNS as SMS provider: https://github.com/dasniko/keycloak-2fa-sms-authenticator

Using Twilio, you have to implement the SmsService interface for Twilio yourself; I don’t know the Twilio API. But of course you can use the rest of the Keycloak authenticator as a good starting point.

Docs for the authenticator are not ready yet, but it should be obvious from the code, hopefully.

Have a look at the repo!
Does it help?

1 Like

Thanks for your quick response and help.
Since I am new to Keycloak implementation, could you please clarify the points below for me:

  • Where do I have to upload this JAR file, and are there any other settings I have to configure in the Keycloak portal?
  • Do I need to move the template file to a server?

Also, I would like to add this login flow to one of the clients in the realm.

You should read (and understand) the developer docs here: https://www.keycloak.org/docs/latest/server_development/index.html

After deploying the custom authenticator, you have to create a new authentication flow in the admin UI to use this authenticator as an execution. In this flow/execution, you can (or have to, depending on your authenticator) configure the authenticator.

With my example, it’s not necessary to deploy an extra template, as it comes along with the resources of the authenticator JAR. It suits the needs if you use a theme based on the base template. If you have a completely different theme, you have to adjust the theme resources from the authenticator and deploy them with your own extension or separately with your theme.

Please, read the docs first!!

1 Like

@dasniko Hi, thanks for the tutorial! However, the tutorial only says how a user using a browser can talk with Keycloak; but in my case, I have a mobile app and users need to log in using that (instead of a webpage).

Therefore, I wonder what I should do. Thanks for any suggestions!

Some time back we made an API to do auth not only with Keycloak but also with Google for different platforms (including Windows Phone). See this video of it in action using a demo application called shoot and share. The actual library you can find on GitHub as well. It’s no longer maintained but you can maybe use it for inspiration.

Hi @dasniko / @edewit,
I tried your 2FA SMS-based authentication example, which is working very well.
But I want to use the Keycloak APIs with my other frontend app, and I was not able to find any way to use SMS-based OTP in the Keycloak API.

For reference: Access Keycloak APIs using Two-Factor Authentication · Ultimate Security Professional Blog
In the above link, for Google Authenticator / FreeOTP there is a provision for giving the OTP in the Keycloak API with the param name TOTP.

Please suggest some way in which I can use SMS-based OTP in the Keycloak API.

I’m sorry, @khushminder270, but I don’t know how to do that.