Two-factor authentication Rest API

Hi there!
During the implementation of Keycloak for our services with a REST API, we encountered a problem with setting up two-factor authentication via REST. Is there any way to get the QR code without accessing the Keycloak login page (we have our own login page UI)?

Are you looking at enabling 2FA for a user using the REST API? If so, it should be as simple as setting up the mandatory action "configure_otp" for the user.

I guess this REST call can do it:

curl 'http://localhost:8080/auth/admin/realms/test/users/c8e1f8d2-3c30-4e14-bd2e-ba4d1faf2193' \
  -X 'PUT' \
  -H 'Connection: keep-alive' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'DNT: 1' \
  -H 'Authorization: Bearer ' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36' \
  -H 'Content-Type: application/json;charset=UTF-8' \
  -H 'Origin: http://localhost:8080' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Referer: http://localhost:8080/auth/admin/master/console/' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  --data-binary '{"id":"c8e1f8d2-3c30-4e14-bd2e-ba4d1faf2193","createdTimestamp":1603179101242,"username":"user1","enabled":true,"totp":false,"emailVerified":false,"disableableCredentialTypes":[],"requiredActions":["CONFIGURE_TOTP"],"notBefore":0,"access":{"manageGroupMembership":true,"view":true,"mapRoles":true,"impersonate":true,"manage":true},"attributes":{}}' \
  --compressed

Hi, I would like to know if there is any REST call to verify the TOTP value of an authenticated user. It is for verifying some important requests such as payments. Best regards

No standard SPI call for TOTP verification. But you can create your own REST API to do it.

Refer to this:
https://www.keycloak.org/docs/latest/server_development/#_extensions
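
As an added example (not code from this thread or from Keycloak), this is the check a custom verification endpoint for step-up requests such as payments has to perform: RFC 6238 TOTP with a small drift window, constant-time comparison, and rejection of a code that was already accepted. The policy values (HMAC-SHA1, 6 digits, 30-second period, window of 1 step) and the `StepUpVerifier` name are assumptions for illustration.

```python
import hashlib
import hmac
import struct

PERIOD = 30   # seconds per time step (assumed policy)
DIGITS = 6    # code length (assumed policy)
WINDOW = 1    # accepted clock drift in steps, either side (assumed policy)


def totp(secret: bytes, step: int, digits: int = DIGITS) -> str:
    """RFC 6238 code for one time step, HMAC-SHA1 with RFC 4226 truncation."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class StepUpVerifier:
    """Hypothetical helper: verifies codes for one user and blocks replays."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1  # highest time step already accepted

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // PERIOD
        matched = None
        for step in range(current - WINDOW, current + WINDOW + 1):
            # Skip steps at or before the last accepted one: a code that was
            # already used must not authorise a second request.
            if step < 0 or step <= self.last_step:
                continue
            expected = totp(self.secret, step).encode()
            # Constant-time comparison; no early exit on the first match.
            if hmac.compare_digest(expected, code.encode()):
                matched = step
        if matched is None:
            return False
        self.last_step = matched
        return True


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test secret, not a real credential.
    verifier = StepUpVerifier(b"12345678901234567890")
    print(verifier.verify("287082", now=59))  # first use of the code
    print(verifier.verify("287082", now=61))  # same code replayed
```

In a real deployment `last_step` has to be stored per user in shared storage, otherwise a replay sent to a second server instance is accepted.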