I have an existing application that allows TOTP to be used (using Google Authenticator) and I want to move over to Keycloak. Is it possible to import the relevant data (the shared secret I guess) for OTP to continue working for those users or would they need to can a new QR code with the Authenticator app when I switch?
Assuming you could port the data that is stored for your existing TOTP to Keycloak’s
CredentialModel, it’s theoretically possible. Take a look at keycloak/OTPCredentialModel.java at master · keycloak/keycloak · GitHub and also an example of how it’s stored in the DB, and see if you can convert what you have to that format. That said, there are no good facilities or helpers in keycloak to perform this kind of import, and you’ll have to write a script/program to do it yourself, likely directly on the DB. The easier way would be to just require them to set it up again.