Reputation: 471
I'm developing an Angular 6 web app with a mobile view. For authentication I'm using a Keycloak server. It provides me with OAuth2 with access and refresh tokens.
To obtain tokens, the user has to log in with a login/password. It's not very comfortable for the user to enter a password on mobile each time the tokens expire.
It would be cool if it were possible to resume working in the application by entering a PIN code. I think the PIN code can be set up by the user after first login, or generated by the server and sent to the user by email.
How is it possible to configure PIN code authentication for a web app? Is it possible to configure PIN code authentication using Keycloak? Or is it possible with another auth server? Can it be done without storing the password somewhere on the FE or BE?
Upvotes: 3
Views: 3311
Reputation: 1983
You'll need to develop a custom Authentication SPI (service provider interface).
Keycloak has example code on GitHub that demonstrates how to support a secret question, for example, which won't be miles away from what you'll need for your PIN code secret.
Upvotes: 4
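One way the PIN step suggested in the answer could look as a Keycloak `Authenticator`, as an added example that is not code from the post or from Keycloak's repository. The attribute names, the `pin.ftl` template and the five-attempt limit are assumptions, and the class is assumed to be registered through an `AuthenticatorFactory` in a flow that has already identified the user.

```java
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

public class PinAuthenticator implements Authenticator {
    // Hypothetical attribute names; salt and hash are Base64, written when the user enrols a PIN.
    static final String SALT = "pin_salt", HASH = "pin_hash", FAILS = "pin_failures";
    static final int MAX_FAILS = 5; // assumed limit; after it only a full password login helps

    static byte[] derive(String pin, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pin.toCharArray(), salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    @Override public void authenticate(AuthenticationFlowContext ctx) {
        ctx.challenge(ctx.form().createForm("pin.ftl")); // hypothetical theme template
    }

    @Override public void action(AuthenticationFlowContext ctx) {
        UserModel user = ctx.getUser();
        String fails = user.getFirstAttribute(FAILS);
        int n = fails == null ? 0 : Integer.parseInt(fails);
        String pin = ctx.getHttpRequest().getDecodedFormParameters().getFirst("pin");
        boolean ok = false;
        if (pin != null && n < MAX_FAILS) { // a locked-out user is never verified
            try {
                byte[] salt = Base64.getDecoder().decode(user.getFirstAttribute(SALT));
                byte[] want = Base64.getDecoder().decode(user.getFirstAttribute(HASH));
                ok = MessageDigest.isEqual(want, derive(pin, salt)); // constant-time compare
            } catch (Exception e) { ok = false; } // missing or malformed data fails closed
        }
        if (ok) { user.removeAttribute(FAILS); ctx.success(); return; }
        user.setSingleAttribute(FAILS, String.valueOf(n + 1));
        ctx.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS,
                ctx.form().setError("Invalid PIN").createForm("pin.ftl"));
    }
    @Override public boolean requiresUser() { return true; } // PIN only resumes a known user
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) {
        return u.getFirstAttribute(HASH) != null && u.getFirstAttribute(SALT) != null;
    }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

A short PIN can be guessed offline from its hash whatever the iteration count, so the attempt limit is the control that matters here. User attributes are readable through the admin API, which makes a `CredentialProvider` a better home for the hash than the attributes used above.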