Specific events for webauthn register #10114
Comments
cbontemps
added
kind/enhancement
|
@cbontemps Thanks for creating this issue. I like it! I think it makes sense to have a possibility to distinguish the events properly, as WebAuthn will be maintained in Keycloak for a long time and is included there by default. It'd be probably good to have even 'remove' events for that? @mposolda WDYT? |
|
@mabartos Sorry for late answer. My vote is to rather have more generic event types like: Custom types for each credential doesn't work well with custom 2nd-factor credential types and will require some changes with each type introduced. But it is not a problem if credential has it's own way to add some additional details (Like EG. "attestation_statement" related details in the case of WebAuthn). So ideal will be to rather remove types like UPDATE_PASSWORD or UPDATE_TOTP and replace them with something more generic. Same for REMOVE_TOTP for example |
|
@mposolda Thanks for your comment. It makes sense. |
closes keycloak#10114 Signed-off-by: Theresa Henze <theresa.henze@bare.id>
Closes keycloak#10114 Signed-off-by: Theresa Henze <theresa.henze@bare.id>
Closes keycloak#10114 Signed-off-by: Theresa Henze <theresa.henze@bare.id>
Description
Keycloak currently emit specific events for "update password" and "update OTP" but not for "webauthn register" and "webauthnpasswordless register".
The use case is to send the user an email when a new WebAuthn authenticator is registered on his own account.
What the email template could be : "A WebAuthn authenticator was registered on {0} from {1}. If this was not you, please contact an administrator."
see https://issues.redhat.com/browse/KEYCLOAK-17175
Discussion
No response
Motivation
Currently, WebAuthn register events are mixed in type "custom_required_action" which makes them difficult to identify and handle.
Details
No response
The text was updated successfully, but these errors were encountered: