p2-inc / keycloak-magic-link

Magic Link Authentication for Keycloak

Magic Link for authentication session continuation #57

Closed xgp closed 4 months ago

xgp commented 8 months ago

Feature request for a magic link that can cause a continuation of an authentication session already underway.

Use case

  1. User authenticates and is challenged by sending a magic link to email, using a custom Authenticator
  2. Page polls for completion of challenge (e.g. is an auth note set/unset). This can just be a custom FTL with a JavaScript reload. Page tells them not to close the page.
  3. Magic link is an action token that encodes the authentication session ID and tab ID and client ID
  4. User clicks on link, potentially in a separate device. Page gives a success message and tells them to return to the initial page. If it is the same device, it also gives them a link to go to the application (this just joins the authentication session and continues with a success).
  5. Action token handler looks up the authentication session by ID and tab ID and client ID and allows it to continue (by setting an Auth Note)
  6. Polling picks up that the link has been clicked (by checking the Auth Note), and automatically continues the authentication with a success.
  7. After a configurable amount of time, the Authenticator gives up and provides an error message to the user that the link has expired.

Relevant KC code

```java
AuthenticationSessionProvider p = session.authenticationSessions();
RootAuthenticationSessionModel m = p.getRootAuthenticationSession(realm, authenticationSessionId);
// look up the client by its client ID
ClientModel client = realm.getClientByClientId(clientId);
AuthenticationSessionModel asm = m.getAuthenticationSession(client, tabId);
```

xgp commented 5 months ago

Need to create

See existing Magic link code.

Please add documentation to the README

xgp commented 4 months ago

Closed by https://github.com/p2-inc/keycloak-magic-link/pull/68
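
The seven steps of the use case in the first comment, as a small runnable model. This is an added example, not code from keycloak-magic-link, Keycloak, or the pull request above. The HMAC token format, the in-memory `sessions` dict standing in for auth notes, the key, the timeout and all function names are assumptions.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: stands in for the server's signing key
TTL = 300                      # assumption: the configurable timeout, in seconds
sessions = {}                  # (session_id, client_id, tab_id) -> auth notes

def sign(body: bytes) -> bytes:
    return base64.urlsafe_b64encode(hmac.new(KEY, body, hashlib.sha256).digest())

def start_challenge(session_id, client_id, tab_id, now):
    """Steps 1 and 3: open the challenge, return the token carried by the e-mailed link."""
    sessions[(session_id, client_id, tab_id)] = {"sent_at": now}
    claims = {"sid": session_id, "cid": client_id, "tab": tab_id, "exp": now + TTL}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + sign(body)).decode()

def handle_link(token, now):
    """Steps 4 and 5: verify the token, find the waiting session, set the note."""
    body, _, sig = token.encode().partition(b".")
    if not hmac.compare_digest(sign(body), sig):   # constant-time comparison
        return "invalid"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return "expired"
    notes = sessions.get((claims["sid"], claims["cid"], claims["tab"]))
    if not notes:
        return "no-session"    # session ended, or the link was already consumed
    notes["approved"] = True
    return "approved"

def poll(session_id, client_id, tab_id, now):
    """Steps 2, 6 and 7: what each reload of the waiting page decides."""
    key = (session_id, client_id, tab_id)
    notes = sessions.get(key)
    if not notes:
        return "error"
    if now - notes["sent_at"] >= TTL:
        sessions.pop(key)      # give up: the link has expired
        return "expired"
    if notes.get("approved"):
        sessions.pop(key)      # single use: a replayed link finds nothing waiting
        return "success"
    return "pending"
```

Only the exact session, client and tab named in the token is approved, and approval is consumed on the first successful poll.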