skydrinker-tox
commented
5 days ago Hello, what do you mean by "registering a new server" ?
If you want to add an OTP validation to your registration process (even if I don't get the point), this authenticator should work in a registration flow (just create your own custom registration flow and add this authenticator). Be aware that there is no spam protection here (it's under developement, and won't be available before several weeks/month). If a robot can access this step, the "resent code" action could be spamed to generate dozen of mail and overload your mail server.
- If your goal in using an otp during registration, is to check that the registrating user is not a bot, use a captcha instead.
- If your goal is to check that the registrating user owns the mail address, you should use the "verify email" required action (keycloak doc here
- if you want to show a step during authentication flow, depending on specific conditions, you might go with conditionnal authenticators in your flow. In addition to built-in conditonnal authenticators, there is for exemple here a custom conditionnal authenticator to display 2FA only for users that did not previously succeed 2FA and register their browser as trusted : keycloak-spi-trusted-device. You can create your own authenticator inspired from this one or a combination of other existing ones.
Hello,
Will this authenticator work while registering a new server? I am looking for an authenticator that sends OTP for new users or do I need to setup a custom registration flow according to my needs?