Because the usage of an emailed OTP code ensures a user has access to their mailbox, their email should be verified in their Keycloak user account.
@xgp A few questions remain:
I noticed two methods for retrieving the authenticated user: context.getAuthenticationSession().getAuthenticatedUser() and context.getUser(). I have used the former because you yourself use context.getAuthenticationSession() in your code. Is there anything else to consider here for making a choice?
Both methods may give null as a response, but I believe they will not because the EmailOTPAuthenticator will fail earlier if a user cannot be found. Is that a correct assumption?