java.lang.Object
- org.keycloak.authentication.AbstractFormAuthenticator
- - org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
  - - org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator

All Implemented Interfaces:

Authenticator, CredentialValidator<OTPCredentialProvider>, Provider

Direct Known Subclasses:

ConditionalOtpFormAuthenticator
```
public class OTPFormAuthenticator
extends AbstractUsernameFormAuthenticator
implements Authenticator, CredentialValidator<OTPCredentialProvider>
```
Version:

$Revision: 1 $

Author:

Bill Burke

Field Summary

Fields
Modifier and Type Field Description

static String SELECTED_OTP_CREDENTIAL_ID

static String UNNAMED
- Fields inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
  ATTEMPTED_USERNAME, REGISTRATION_FORM_ACTION, USER_SET_BEFORE_USERNAME_PASSWORD_AUTH

Constructor Summary

Constructors
Constructor Description

OTPFormAuthenticator()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`action(AuthenticationFlowContext context)`	Called from a form action invocation.
`void`	`authenticate(AuthenticationFlowContext context)`	Initial call for the authenticator.
`void`	`close()`
`boolean`	`configuredFor(KeycloakSession session, RealmModel realm, UserModel user)`	Is this authenticator configured for this user.
`protected javax.ws.rs.core.Response`	`createLoginForm(LoginFormsProvider form)`
`protected String`	`disabledByBruteForceError()`
`protected String`	`disabledByBruteForceFieldError()`
`OTPCredentialProvider`	`getCredentialProvider(KeycloakSession session)`
`List<RequiredActionFactory>`	`getRequiredActions(KeycloakSession session)`	Overwrite this if the authenticator is associated with
`boolean`	`requiresUser()`	Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?
`void`	`setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)`	Set actions to configure authenticator
`void`	`validateOTP(AuthenticationFlowContext context)`

Methods inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
challenge, challenge, dummyHash, enabledUser, getDefaultChallengeMessage, isDisabledByBruteForce, isUserAlreadySetBeforeUsernamePasswordAuth, runDefaultDummyHash, setDuplicateUserChallenge, testInvalidUser, validatePassword, validateUser, validateUserAndPassword

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator
areRequiredActionsEnabled

Methods inherited from interface org.keycloak.authentication.CredentialValidator
getCredentials, getType

- Field Detail
  - SELECTED_OTP_CREDENTIAL_ID
```
public static final String SELECTED_OTP_CREDENTIAL_ID
```
    See Also:
    
    Constant Field Values
  - UNNAMED
```
public static final String UNNAMED
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - OTPFormAuthenticator
```
public OTPFormAuthenticator()
```
- Method Detail
  - action
```
public void action(AuthenticationFlowContext context)
```
    Description copied from interface: Authenticator
    
    Called from a form action invocation.
    
    Specified by:
    
    action in interface Authenticator
    
    Overrides:
    
    action in class AbstractUsernameFormAuthenticator
  - authenticate
```
public void authenticate(AuthenticationFlowContext context)
```
    Description copied from interface: Authenticator
    
    Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.
    
    Specified by:
    
    authenticate in interface Authenticator
  - validateOTP
```
public void validateOTP(AuthenticationFlowContext context)
```
  - requiresUser
```
public boolean requiresUser()
```
    Description copied from interface: Authenticator
    
    Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?
    
    Specified by:
    
    requiresUser in interface Authenticator
    
    Returns:
  - disabledByBruteForceError
```
protected String disabledByBruteForceError()
```
    Overrides:
    
    disabledByBruteForceError in class AbstractUsernameFormAuthenticator
  - disabledByBruteForceFieldError
```
protected String disabledByBruteForceFieldError()
```
    Overrides:
    
    disabledByBruteForceFieldError in class AbstractUsernameFormAuthenticator
  - createLoginForm
```
protected javax.ws.rs.core.Response createLoginForm(LoginFormsProvider form)
```
    Overrides:
    
    createLoginForm in class AbstractUsernameFormAuthenticator
  - configuredFor
```
public boolean configuredFor(KeycloakSession session,
                             RealmModel realm,
                             UserModel user)
```
    Description copied from interface: Authenticator
    
    Is this authenticator configured for this user.
    
    Specified by:
    
    configuredFor in interface Authenticator
    
    Returns:
  - setRequiredActions
```
public void setRequiredActions(KeycloakSession session,
                               RealmModel realm,
                               UserModel user)
```
    Description copied from interface: Authenticator
    
    Set actions to configure authenticator
    
    Specified by:
    
    setRequiredActions in interface Authenticator
  - getRequiredActions
```
public List<RequiredActionFactory> getRequiredActions(KeycloakSession session)
```
    Description copied from interface: Authenticator
    
    Overwrite this if the authenticator is associated with
    
    Specified by:
    
    getRequiredActions in interface Authenticator
    
    Returns:
  - close
```
public void close()
```
    Specified by:
    
    close in interface Provider
    
    Overrides:
    
    close in class AbstractFormAuthenticator
  - getCredentialProvider
```
public OTPCredentialProvider getCredentialProvider(KeycloakSession session)
```
    Specified by:
    
    getCredentialProvider in interface CredentialValidator<OTPCredentialProvider>

Modifier and Type	Field	Description
`static String`	`SELECTED_OTP_CREDENTIAL_ID`
`static String`	`UNNAMED`

Class OTPFormAuthenticator

Field Summary

Fields inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator

Constructor Summary

Method Summary

Methods inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator

Methods inherited from class java.lang.Object

Methods inherited from interface org.keycloak.authentication.Authenticator

Methods inherited from interface org.keycloak.authentication.CredentialValidator

Field Detail

SELECTED_OTP_CREDENTIAL_ID

UNNAMED

Constructor Detail

OTPFormAuthenticator

Method Detail

action

authenticate

validateOTP

requiresUser

disabledByBruteForceError

disabledByBruteForceFieldError

createLoginForm

configuredFor

setRequiredActions

getRequiredActions

close

getCredentialProvider