Is there a way in Keycloak SPI to identify which method a user logged in with, e.g. OTP or WebAuthn?
I’m trying to check if a user logged in with 1FA or 2FA. Right now I’m confirming this using the UserCredentialManager.getStoredCredentialsSteam() method to check if the user has a 2FA method enabled or not.
Many thanks.
If you extended the 2FA authenticator you could set something on the user’s session notes after they authenticate like context.getAuthenticationSession().setUserSessionNote("loginMethod", "something").
Those can then be added to the client scope and returned as an additional claim.
This would require you to make a custom authentication flow and configure your client to use it instead of whatever it’s using today.