Feature request for a magic link that can cause a continuation of an authentication session already underway.
Use case
User authenticates and is challenged with a magic link sent by email, using a custom Authenticator.
Page polls for completion of the challenge (e.g. is an auth note set/unset). This can just be a custom FTL with a JavaScript reload. Page tells them not to close the page.
Magic link is an action token that encodes the authentication session ID, tab ID and client ID.
User clicks on link, potentially in a separate device. Page gives a success message and tells them to return to the initial page. If it is the same device, it also gives them a link to go to the application (this just joins the authentication session and continues with a success).
Action token handler looks up the authentication session by ID, tab ID and client ID and allows it to continue (by setting an Auth Note).
Polling picks up that the link has been clicked (by checking the Auth Note), and automatically continues the authentication with a success.
After a configurable amount of time, the Authenticator gives up and provides an error message to the user that the link has expired.
relevant KC code
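AuthenticationSessionProvider p = session.authenticationSessions();
// m is null if the root authentication session no longer exists (e.g. it expired)
RootAuthenticationSessionModel m = p.getRootAuthenticationSession(realm, authenticationSessionId);
// look up the client by its client ID (clientId is the value encoded in the action token)
ClientModel client = realm.getClientByClientId(clientId);
// asm is null if there is no session for this client/tab pair
AuthenticationSessionModel asm = m.getAuthenticationSession(client, tabId);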
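The waiting side of the flow described under Use case (polling the auth note, then giving up after a timeout), as an added example that is not part of the original request or of Keycloak's own code. The note names, the FTL template name, the message key and the 300-second limit are assumptions; sending the email is outside its scope, and the action token handler is assumed to set the confirmation note to "true".

```java
import jakarta.ws.rs.core.Response; // javax.ws.rs.core.Response on older Keycloak versions
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.common.util.Time;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.sessions.AuthenticationSessionModel;

public class MagicLinkContinuationAuthenticator implements Authenticator {
    // All four values below are hypothetical; none is defined by Keycloak.
    static final String NOTE_CONFIRMED = "magic-link-confirmed"; // set by the action token handler
    static final String NOTE_SENT_AT = "magic-link-sent-at";
    static final String WAIT_FORM = "magic-link-wait.ftl"; // custom FTL that re-submits itself
    static final int MAX_WAIT_SECONDS = 300; // would normally come from authenticator config

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        AuthenticationSessionModel authSession = context.getAuthenticationSession();
        // Clear any stale confirmation so an earlier click cannot approve this attempt.
        authSession.removeAuthNote(NOTE_CONFIRMED);
        authSession.setAuthNote(NOTE_SENT_AT, String.valueOf(Time.currentTime()));
        context.challenge(context.form().createForm(WAIT_FORM));
    }

    @Override
    public void action(AuthenticationFlowContext context) {
        // Runs each time the waiting page re-submits (one poll).
        AuthenticationSessionModel authSession = context.getAuthenticationSession();
        String sentAt = authSession.getAuthNote(NOTE_SENT_AT);
        boolean expired = sentAt == null
                || Time.currentTime() - Integer.parseInt(sentAt) > MAX_WAIT_SECONDS;
        if (expired) { // checked first, so a late click cannot complete the login
            authSession.removeAuthNote(NOTE_CONFIRMED);
            Response error = context.form().setError("magicLinkExpired").createForm(WAIT_FORM);
            context.failureChallenge(AuthenticationFlowError.EXPIRED_CODE, error);
        } else if ("true".equals(authSession.getAuthNote(NOTE_CONFIRMED))) {
            authSession.removeAuthNote(NOTE_CONFIRMED); // single use
            context.success();
        } else {
            context.challenge(context.form().createForm(WAIT_FORM)); // keep waiting
        }
    }

    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```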