Good stuff. Happy to see you're back making videos again!
@buildingphase9712 1 year ago
Great video, it would be interesting to see a login with Telegram implemented with Keycloak.
@user-ex2io4mr7m 1 year ago
just what I want! great!
@TechWorldWithSerdar 3 months ago
Hello Niko, thank you for this nice post. Could this functionality also be offered as an alternative directly on the username and password form, or are they strictly alternatives to each other, so that only one of them can be used? Our customer wants a login form with username and password and, directly below it, a passwordless login option as an alternative, e.g. with your solution here. Thanks in advance.
@dasniko 3 months ago
You can do something like that with a custom authenticator.
@cankatadiloglu6387 1 year ago
hello niko, great to have you back! could you help with creating a development environment for a beginner? what is the easiest/quickest way to develop custom keycloak extensions?
@dasniko 1 year ago
Have a look at my github.com/dasniko/keycloak-extensions-demo repository, perhaps this will help you as a starter. It's a multi-module-maven project, but it's not necessarily needed to have a multi-module project.
@ReginaldoMaranhao-oh5jq 3 months ago
I went through the entire process, but the new MagicLink provider does not appear to be added to the flow. What can it be?
@devveeloopersemoji 4 months ago
Hi, I am currently trying to implement the WebAuthn flow, but when registering, WebAuthn is not supported in some browsers. In that case, is there any way to customise the registration flow to check whether the browser is compatible or not and then proceed with either WebAuthn or magic link?
@germanllop 1 year ago
Hey there, good to have you back, I'm struggling with setting up a cluster of v21 on Docker Swarm, any advice?
@dasniko 1 year ago
Docker swarm deployment uses some different network mode than compose or K8s. You'll have to figure out the public hostname or ip address first. It's long ago I did this once, don't remember all the details. Nearly nobody uses swarm anymore...
@germanllop 1 year ago
@dasniko Thanks! Yeah, I came to the same conclusion, but since the new Docker image doesn't have any way to get the IP address, I can't get that IP inside the sh file. I was trying to get a simple deployment without k8s.
@DavidWelch2344 1 year ago
This is really great. Playing around with this now and wondering: if I set "email as username" to true, is it possible to create the user if the username doesn't exist, and then send the email magiclink? So basically Login would create a new user if the email didn't exist + send a magiclink, otherwise just send the magiclink to the existing user
@dasniko 1 year ago
If you'll implement it that way, then it'll work. But you'll have to implement more than only the magic-link authenticator...
@KundanKumar-kg5ep 4 months ago
Hi, can we implement passwordless authentication using a REST API? If yes, then what is the REST endpoint for it, and since the user doesn't have a password, how will the user be authenticated (what should the grant_type be here)?
@dasniko 4 months ago
OIDC is all about browser flows, not API.
@user-wh6rj8mm3b 1 year ago
Hi Niko, is it possible to use this code in Keycloak 18.0.8? And can I use this functionality in the login page of the Authentication Flow of OIDC?
@gandikuntxurbedja6466 1 year ago
Good content. I want to maintain 2 authentication approaches: username and password for the user type A and magic link for the user type B. How can I achieve that with Keycloak? Thank you in advance. I am using Keycloak 21.1.
@dasniko 1 year ago
You need to implement a custom conditional authenticator according to your requirements how you can detect "type A" and "type B" users. Then, build the authentication flow properly with your custom condition and the other authenticators.
@AbhilashaVar 4 months ago
Does Keycloak expose a REST API for passwordless authn with Spring Boot? I need an API which uses this internally without exposing the UI of Keycloak to register the user.
@dasniko 4 months ago
If you don't want to use Keycloak, then simply don't use it and don't look for insecure workarounds.
@AbhilashaVar 4 months ago
@dasniko I have to use Keycloak, I just want an API. Does Keycloak expose any passwordless WebAuthn API during registration? I want to integrate this WebAuthn passwordless with Spring Boot. How can I, is it possible?
@dasniko 4 months ago
@AbhilashaVar Well, if you have to use Keycloak, then use it properly, as it is meant to be used, not as you want to use it. Keycloak is an OIDC Identity Provider, not an API server. If in doubt, learn the OIDC specs.
@simplifiedtech12 1 year ago
Hello Niko, could you please provide a passwordless approach using a QR code? The user just scans the QR code, and he is in?
@dasniko 1 year ago
C'mon... that's not that hard. Given this example as a starter, you just have to show the link as a QR code, instead of sending it via email...
@simplifiedtech12 1 year ago
@Niko Köbler (@dasniko) - Keycloak Expert When the user scans the QR code and gets the link, how can we log him in? Is there a REST API to send the link to, and then the QR code page is loaded and the user is logged in?
@marcom. 1 year ago
But that also means that the whole thing only works if the link from the email is opened in the same browser as the original login page, right? Depending on the user's client setup, that is of course not always the case.
@dasniko 1 year ago
Yes, I did mention that. There are other approaches too, using a custom LoginActionToken. In that case, security is again more of a trade-off.
@user-ex2io4mr7m 1 year ago
May I ask where I should place the resource files? It throws an error which says that the ftl files are not found. Thanks.
@dasniko 1 year ago
Like in my example repo, packaged with the jar-file
@elbozo5723 1 year ago
hey niko, just curious, what are your thoughts on the security of a magic login link versus a traditional username password?
@dasniko 1 year ago
As mentioned in the video, you are shifting the security from the user's knowledge to the user's mailbox. Depending on the security of the mailbox, it might(!) be more secure, as a login link is (should be) only valid one time and for a short period of time, so for every login you will have a new one-time password. Additionally, also mentioned in the video, it depends on whether the link is only valid in the same browser where auth has started, or if it's valid independently. It's always a trade-off and depends on the circumstances.
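
The three properties named in the reply above (one-time use, short validity, validity only in the browser that started the login) can be checked as in the following sketch. It is an added example, not part of the thread and not code from the video or from Keycloak: it is plain Python rather than a Keycloak authenticator, and every name in it (`issue_link_token`, `redeem_link_token`, `TTL_SECONDS`, the session ids) is an assumption made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # signing key, generated for this example
TTL_SECONDS = 300                 # assumed validity window (5 minutes)
USED_NONCES = set()               # redeemed nonces; in-memory for this example


def _mac(data):
    return hmac.new(SECRET, data.encode(), hashlib.sha256).hexdigest()


def _bind(browser_session_id):
    # Keyed hash, so the emailed link never carries the session id itself.
    return _mac("bind:" + browser_session_id)[:32]


def issue_link_token(user_id, browser_session_id, now=None):
    """Token for the emailed link, tied to the browser that started the login.

    Assumes user_id contains no "." (the field separator).
    """
    now = time.time() if now is None else now
    nonce = secrets.token_urlsafe(16)
    expires = int(now) + TTL_SECONDS
    payload = f"{user_id}.{nonce}.{expires}.{_bind(browser_session_id)}"
    return f"{payload}.{_mac(payload)}"


def redeem_link_token(token, browser_session_id, now=None):
    """Return (user_id, "ok") on success, otherwise (None, reason)."""
    now = time.time() if now is None else now
    payload, _, sig = token.rpartition(".")
    # Verify integrity first; only then trust the fields in the payload.
    if not hmac.compare_digest(sig.encode(), _mac(payload).encode()):
        return None, "bad signature"
    user_id, nonce, expires, bound = payload.split(".")
    if now > int(expires):
        return None, "expired"
    if not hmac.compare_digest(bound.encode(), _bind(browser_session_id).encode()):
        return None, "different browser"
    if nonce in USED_NONCES:
        return None, "already used"
    USED_NONCES.add(nonce)  # burn the nonce so the link works exactly once
    return user_id, "ok"
```

Dropping the `different browser` check gives the "valid independently" variant from the reply, where anyone who can read the mailbox can complete the login from any device.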