Require username and 6-digit PIN-based custom authentication and its REST API endpoint

Hi,

I need help/support on the custom requirement below in Keycloak.

Requirement: 1. A user should be able to set a password and a 6-digit PIN as credentials and choose the preferred login method the first time. Then the user should be able to log in/authenticate using username + password (OR) username + PIN.

Also, for the PIN we need PIN policies like the password policy, for example PIN expiry, PIN reset and notification before PIN expiry, and forget and reset PIN functionality.

REST API methods are also required to invoke the PIN-related operations.

Could you please help with how to achieve this functionality in Keycloak?
Please provide any custom code, if available.

Please provide detailed steps to proceed on this, as I checked that username and PIN credential-based authentication is not available by default in Keycloak. We can follow the Java-based SPI service extension coding to extend the authentication and credential provider functionality.

But how do we authenticate with username/PIN using the REST API, what type of grant should be used to authenticate with the Postman tool, and what are the REST endpoint requirements after developing a custom authenticator?

I require your support/help, comments and feedback to proceed on this requirement.

Thank you,
Samarendra

My recommendation is to first try to convince the business to adopt modern authentication mechanisms, such as passwordless. Nowadays, using a PIN for authentication purposes does not make much sense.
In the worst-case scenario, to avoid extensive customization in Keycloak, you could offer both password-based authentication and a passwordless option. I can help simplify the integration for you.

Please don’t repost the same question over and over again, keep discussions to a single thread.

https://keycloak.discourse.group/t/require-keycloak-custom-login-api-using-username-and-6-digit-pin-credential/28684/6
