Francis Augusto Medeiros-Logeay
Sep 11, 2025, 2:51:01 AM
to 'Francis Augusto Medeiros-Logeay' via Keycloak User
Hi,
When coding a custom authentication, I could, in my code, require that certain conditions were met, such as that the user was logged in via a certain ISP.
I wonder if one could do that when calling a required action directly using the “kc_action” parameter.
I suppose that, here, the flow defined by the client would determine which Authentication Flow is called - is that right?
If so, how can I restrict calling a required action only from a certain client?
In our case, we’d like to start using passkeys, but we would like to restrict passkey setup to users who have also authenticated to another IdP - which is on our flow for the user account portal.
But since I can call the action to register passkeys from any client, this could mean bypassing the authentication requirements I want for the account portal.
Or did I get it wrong?
Best,
Francis