I guess I’d need to implement an authentication /execution flow provider? Something that checks if the session is started with an previously unknown device (how do I even track devices?) and send an confirmation email. What should the confirmation email link do in keycloak though? Any pointers appreciated.
There’s a great start to a trusted device flow here: keycloak-extension-playground/auth-trust-device at master · thomasdarimont/keycloak-extension-playground · GitHub
It requires a lot of components, but is flexible.
1 Like