fx-hao / keycloak-phone-authenticator Goto Github PK

I don't understand this part of the instruction:

Configuration
Configure your REALM to use the phone number and verification code Authentication. First create a new REALM (or select a previously created REALM).

Under Authentication > Flows:

Copy the 'Direct Grant' flow to 'Direct grant with phone' flow
Click on 'Actions > Add execution' on the 'Provide Phone Number' line
Click on 'Actions > Add execution' on the 'Provide Verification Code' line
Set both of 'Provide Phone Number' and 'Provide Verification Code' to 'REQUIRED'

There are no Provide Phone Number' line or 'Provide Verification Code' line, so how should I set up the direct grant flow?

Hi, thanks for this package, I am using it currently to enable OTP flow, I was wondering where this Verification Code table might be. I am using an external PGSQL DB for all keycloak data storage, do I need to do some changes in the code so that this table is also created in the same DB? Or would this table be just added to the existing Keycloak DB? Thanks in advance.

I am using Keycloak version 13.0.1. I added the following classes to the project to implement my own SMS provider with AWS SNS:

(In package com.hfx.keycloak.spi.impl)

public class SmsServiceImpl implements SmsService<Object> {
    private final KeycloakSession session;
    public SmsServiceImpl(KeycloakSession session) {
        this.session = session;
    }
    @Override
    public void close() {
    }
    @Override
    public boolean send(String phoneNumber, Map<String, ? super Object> params) throws SmsException {
        String templateId = (String) params.get("templateId");
        String accessKey = "...";
        String secretKey = "...";
        BasicAWSCredentials awsCreds = new BasicAWSCredentials(accessKey, secretKey);
        AmazonSNS snsClient = AmazonSNSClient
                .builder()
                .withRegion(Regions.AP_SOUTHEAST_1)
                .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                .build();
        String SMSMessage = templateId;
        snsClient.publish(new PublishRequest()
                .withMessage(SMSMessage)
                .withPhoneNumber(phoneNumber));
        return true;
    }

    @Override
    public boolean sendVerificationCode(VerificationCodeRepresentation rep, Map<String, ? super Object> params)
            throws SmsException {
        String code = rep.getCode();
        String accessKey = "...";
        String secretKey = "...";
        BasicAWSCredentials awsCreds = new BasicAWSCredentials(accessKey, secretKey);
        AmazonSNS snsClient = AmazonSNSClient
                .builder()
                .withRegion(Regions.AP_SOUTHEAST_1)
                .withCredentials(new AWSStaticCredentialsProvider(awsCreds))
                .build();
        String SMSMessage = code;
        snsClient.publish(new PublishRequest()
                .withMessage(SMSMessage)
                .withPhoneNumber(rep.getPhoneNumber()));
        return true;
    }
}

(In package com.hfx.keycloak.spi.impl)

public class SmsServiceProviderFactoryImpl implements SmsServiceProviderFactory {
    @Override
    public SmsService create(KeycloakSession session) {
        return new SmsServiceImpl(session);
    }
    @Override
    public void init(Config.Scope config) {

    }
    @Override
    public void postInit(KeycloakSessionFactory factory) {

    }
    @Override
    public void close() {

    }
    @Override
    public String getId() {
        return "SmsServiceProviderFactoryImpl";
    }
}

I also added the following service file to META-INF/services, called com.hfx.keycloak.spi.SmsServiceProviderFactory, with the following content:

com.hfx.keycloak.spi.impl.SmsServiceProviderFactoryImpl

The only dependency I added to the pom.xml is this:

    <dependency>
      <groupId>com.amazonaws</groupId>
      <artifactId>aws-java-sdk</artifactId>
      <version>1.11.1030</version>
    </dependency>

However, adding the jar to standalone/deployments and deploying, I still get the following error:
{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit."keycloak-phone-authenticator-1.0.0-SNAPSHOT.jar".POST_MODULE" => "WFLYSRV0153: Failed to process phase POST_MODULE of deployment "keycloak-phone-authenticator-1.0.0-SNAPSHOT.jar"
Caused by: java.lang.NoClassDefFoundError: Failed to link com/hfx/keycloak/spi/ResetCredentialWithPhone (Module "deployment.keycloak-phone-authenticator-1.0.0-SNAPSHOT.jar" from Service Module Loader): org/keycloak/authentication/authenticators/resetcred/ResetCredentialChooseUser"}}

which is the same error as that faced in issue #1. May I know if there is an issue with the way I added the SMS service implementation?

Hi,

Need help with the error below during Keycloak server startup

javax.persistence.PersistenceException: [PersistenceUnit: keycloak-default] Unable to build Hibernate SessionFactory

I have executed these steps:

1. Download Keycloak Server 13.0.1
2. Pull from git this repo and excute mvn clean & mvn package
3. Create /providers in the keycloak folder and copy the jar

I can see the table "verification_code" is created in my postgres database but during startup getting the error mentioned

• I have attached the full error log for your reference

Thanks

hibernate-session-error-log.txt

Code is not running throwing following error
Build step org.keycloak.quarkus.deployment.KeycloakProcessor#configureKeycloakSessionFactory threw an exception: java.lang.NoClassDefFoundError: org/keycloak/authentication/DisplayTypeAuthenticatorFactory

你好:

curl -X POST
http://localhost:8081/auth/realms/$YOUR_REALM/protocol/openid-connect/token
-H 'authorization: Basic c2h1bmRhby1hZG1pbjoxODc3MGYxMi02NjE4LTQwOTctYThmYi1kMjA0Mzg0Mzg4OTk='
-H 'content-type: application/x-www-form-urlencoded'
-d 'grant_type=password&phone_number=$PHONE_NUMBER&code=$VERIFICATION_CODE'

此例中 authorization 是什么? 是怎么得来的?
另外参数中没有指定 client_id ?

是要把 client 的 Access Type 设置为 confidential , 先取得client 的 token 再运行这个吗?

ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 1) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "keycloak-phone-authenticator-1.0.0-SNAPSHOT.jar")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit."keycloak-phone-authenticator-1.0.0-SNAPSHOT.jar".POST_MODULE" => "WFLYSRV0153: Failed to process phase POST_MODULE of deployment "keycloak-phone-authenticator-1.0.0-SNAPSHOT.jar"
Caused by: java.lang.NoClassDefFoundError: Failed to link com/hfx/keycloak/spi/ResetCredentialWithPhone (Module "deployment.keycloak-phone-authenticator-1.0.0-SNAPSHOT.jar" from Service Module Loader): org/keycloak/authentication/authenticators/resetcred/ResetCredentialChooseUser"}}

Hi, apologies for my vague title but there are a couple of problem statements that I'm trying to solve here. I have no coding experience in Java, so please bear with me if they are quite elementary. I have already deployed this SPI and was wondering how to proceed with handling specific use cases. My Use case is this:

Get User's Phone Number and verify with OTP, if no users are mapped for the phoneNumber, create new user, ask for the user details in the login form itself. I have done some basic additions to your code in src/main/com/hfx/keycloak/spi/UsernamePasswordorPhoneForm

public boolean validateVerificationCode(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
        context.clearUser();
        UserModel user = this.getUser(context, formData);
        String phoneNumber = (String)formData.getFirst("phoneNumber");
        String groupName = "/is_externaluser";
        GroupModel external_group = KeycloakModelUtils.findGroupByPath(context.getRealm(), groupName);
        if (user == null && VerificationCode.verify(context, VERIFICATION_CODE_KIND)){
            user = context.getSession().users().getUserByUsername(context.getRealm(), phoneNumber);
            if (user == null){
                user = context.getSession().users().addUser(context.getRealm(), phoneNumber);
                user.setEnabled(true);
                log.info(String.format("Created New User with Username %s", phoneNumber));
                user.joinGroup(external_group);
                log.info("Added User To External Group");
                List<String> values = new ArrayList<String>();
                values.add(phoneNumber);
                user.setAttribute("contact_number", values);
                NEW_USER_CREATED = true;
            }
            else{
                user = null;
            }
        }
        return user != null && VerificationCode.verify(context, VERIFICATION_CODE_KIND) && this.validateUser(context, user, formData);
    }

But I want to emit the value of NEW_USER_CREATED to the frontend so that either

1. The Login Card Changes To The Registration Form within the same domain itself, taking in User Details like fullname, email, etc
2. Redirect To The Custom Account Page provided by you

But I don't have enough understanding about this implementation to go ahead with either. If you have any ideas please let me know.

Also, If I wanted to do away with the SMS Interface/SPI Packages (keycloak-phone-authenticator-yuntongxun-sms and yuntongxun4j) and simply wanted to add the SMS implementation in the main package keycloak-phone-authenticator how would I go about it?

I know this is not an 'issue' in the package itself but I have searched through the internet and have found no resource as good as yours for my usecase hence was wondering if I could pick your brains about it.

Thanks in advance!

Hello!
When I try to add this add-on, Keycloak gives error on startup:
Failed to define class com.hfx.keycloak.spi.ResetCredentialWithPhone in Module "deployment.phone.jar" from Service Module Loader: java.lang.NoClassDefFoundError: Failed to link com/hfx/keycloak/spi/ResetCredentialWithPhone (Module "deployment.phone.jar" from Service Module Loader): org/keycloak/authentication/authenticators/resetcred/ResetCredentialChooseUser

My set up:

• Keycloak from docker image quay.io/keycloak/keycloak:13.0.0
• run mvn package from inside keycloak-phone-authenticator under latest maven docker image
• copy file keycloak-phone-authenticator/keycloak-phone-authenticator-1.0.0-SNAPSHOT.jar to /opt/jboss/keycloak/standalone/deployments/phone.jar
• run Keycloak docker container

What could be the problem? Thanks in advance!

Hi,

I've copied the jar file of the project into a providers directory in the home directory of the keycloak server on my local Windows machine. However, when I run the command standalone.bat in the bin directory, I get the following error and the server doesn't start up. May I know if I'm missing any steps in the installation procedure?

23:24:39,782 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 52) WFLYCTL0403: Unexpected failure during execution of the following operation(s): []: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback at [email protected]//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTransactionControl.operationPrepared(ParallelBootOperationStepHandler.java:458) at [email protected]//org.jboss.as.controller.ModelController$OperationTransactionControl.operationPrepared(ModelController.java:131) at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:874) at [email protected]//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:805) at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468) at [email protected]//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384) at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990) at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348) at java.base/java.lang.Thread.run(Thread.java:834) at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:513)