# Top-level "passkey" authentication flow for the dev realm.
# This resource only declares the flow container; the executions and subflows
# in this file attach to it through parent_flow_alias.
# NOTE(review): no flow binding is declared in this file, so which login path
# (realm browser flow, per-client override) actually uses it must be confirmed
# elsewhere in the module.
resource "keycloak_authentication_flow" "passkey" {
  alias       = "passkey"
  description = "browser based authentication"
  realm_id    = keycloak_realm.dev.id
}
# First alternative of the "passkey" flow: the cookie authenticator.
# It is ALTERNATIVE at the top level, alongside the forms subflow, so a
# successful cookie check satisfies the flow and the forms are not shown.
# Session lifetime settings therefore bound how long a passkey / 2FA login
# stays valid; they are not set in this file.
resource "keycloak_authentication_execution" "passkey_auth_cookie" {
  authenticator     = "auth-cookie"
  requirement       = "ALTERNATIVE"
  parent_flow_alias = keycloak_authentication_flow.passkey.alias
  realm_id          = keycloak_realm.dev.id
}
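# Second alternative of the "passkey" flow: the interactive login forms.
# Everything below (username, then passkey or password + second factor) hangs
# off this subflow.
resource "keycloak_authentication_subflow" "passkey_forms" {
  realm_id          = keycloak_realm.dev.id
  alias             = "passkey browser forms"
  parent_flow_alias = keycloak_authentication_flow.passkey.alias
  provider_id       = "basic-flow"
  requirement       = "ALTERNATIVE"

  # Ordering inside a flow follows creation order with the Keycloak provider,
  # so this subflow must be created after the cookie execution of the SAME
  # flow. The original referenced keycloak_authentication_execution.auth_cookie,
  # which is not declared in this file; at best it belongs to a different flow
  # and would not order this one. The cookie execution of this flow is
  # passkey_auth_cookie.
  depends_on = [keycloak_authentication_execution.passkey_auth_cookie]
}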
# Username-only form, REQUIRED as the first step of the forms subflow.
# The user is identified here before any credential is requested; the
# credential step is the "passkey passkey or 2fa" subflow, which depends on
# this execution.
resource "keycloak_authentication_execution" "passkey_username" {
  authenticator     = "auth-username-form"
  requirement       = "REQUIRED"
  parent_flow_alias = keycloak_authentication_subflow.passkey_forms.alias
  realm_id          = keycloak_realm.dev.id
}
# Credential step of the forms subflow, REQUIRED after the username form.
# Its children are ALTERNATIVE to each other: either the passwordless WebAuthn
# authenticator or the "password and 2fa" subflow completes this step.
resource "keycloak_authentication_subflow" "passkey_passwordless_or_2fa" {
  alias             = "passkey passkey or 2fa"
  provider_id       = "basic-flow"
  requirement       = "REQUIRED"
  parent_flow_alias = keycloak_authentication_subflow.passkey_forms.alias
  realm_id          = keycloak_realm.dev.id

  # Created after the username form so that it comes second in the subflow.
  depends_on = [keycloak_authentication_execution.passkey_username]
}
# Passkey path: passwordless WebAuthn, ALTERNATIVE to "password and 2fa".
# On this path the passkey is the only credential checked by the flow.
# NOTE(review): whether the authenticator must verify the user (PIN/biometric)
# is decided by the realm's WebAuthn passwordless policy, which is not set in
# this file - confirm it on keycloak_realm.dev.
resource "keycloak_authentication_execution" "passkey_webauthn_passwordless" {
  authenticator     = "webauthn-authenticator-passwordless"
  requirement       = "ALTERNATIVE"
  parent_flow_alias = keycloak_authentication_subflow.passkey_passwordless_or_2fa.alias
  realm_id          = keycloak_realm.dev.id

  # Explicit ordering edge on the username form, in addition to the implicit
  # one through the parent subflow alias.
  depends_on = [keycloak_authentication_execution.passkey_username]
}
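# Fallback path: password followed by an optional second factor.
# ALTERNATIVE to the passwordless WebAuthn execution in the same parent.
resource "keycloak_authentication_subflow" "passkey_password_and_second_factor" {
  realm_id          = keycloak_realm.dev.id
  parent_flow_alias = keycloak_authentication_subflow.passkey_passwordless_or_2fa.alias
  alias             = "passkey password and 2fa"
  provider_id       = "basic-flow"
  requirement       = "ALTERNATIVE"

  # Both siblings only reference the parent alias, so Terraform is free to
  # create them in either order, and creation order is what positions them in
  # the flow. Pin the passkey execution first, as the rest of this file does
  # for its other ordered steps.
  depends_on = [keycloak_authentication_execution.passkey_webauthn_passwordless]
}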
# Password form, REQUIRED inside the "password and 2fa" subflow.
# Anyone taking the non-passkey path must pass this step; the second-factor
# subflow that sits next to it is CONDITIONAL.
resource "keycloak_authentication_execution" "passkey_password" {
  authenticator     = "auth-password-form"
  requirement       = "REQUIRED"
  parent_flow_alias = keycloak_authentication_subflow.passkey_password_and_second_factor.alias
  realm_id          = keycloak_realm.dev.id
}
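# Second-factor step of the password path.
# CONDITIONAL: it is gated by the conditional-user-configured execution below,
# so it applies only to users who already have a matching credential
# (WebAuthn or OTP). A user with neither registered completes this path with
# the password alone - enrolment has to be enforced elsewhere (for example a
# required action) if password-only login is not acceptable.
resource "keycloak_authentication_subflow" "passkey_second_factor" {
  realm_id          = keycloak_realm.dev.id
  parent_flow_alias = keycloak_authentication_subflow.passkey_password_and_second_factor.alias
  alias             = "passkey second factor"
  provider_id       = "basic-flow"
  requirement       = "CONDITIONAL"

  # The password form and this subflow share a parent and nothing else, so
  # their creation order was left to Terraform. Creation order positions them
  # in the flow; make the password form come first.
  depends_on = [keycloak_authentication_execution.passkey_password]
}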
# Gate for the CONDITIONAL second-factor subflow.
# conditional-user-configured enables the subflow only for users who have one
# of its authenticators configured; for everyone else the second factor is
# skipped rather than demanded.
resource "keycloak_authentication_execution" "passkey_user_configured_condition" {
  authenticator     = "conditional-user-configured"
  requirement       = "REQUIRED"
  parent_flow_alias = keycloak_authentication_subflow.passkey_second_factor.alias
  realm_id          = keycloak_realm.dev.id
}
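# WebAuthn security key as a second factor, ALTERNATIVE to OTP.
# Unlike the passwordless authenticator, this one runs after the password form.
resource "keycloak_authentication_execution" "passkey_webauthn" {
  realm_id          = keycloak_realm.dev.id
  parent_flow_alias = keycloak_authentication_subflow.passkey_second_factor.alias
  authenticator     = "webauthn-authenticator"
  requirement       = "ALTERNATIVE"

  # Keep the condition execution ahead of the authenticators in the subflow;
  # without an explicit edge the three siblings may be created in any order.
  depends_on = [keycloak_authentication_execution.passkey_user_configured_condition]
}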
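# OTP form as a second factor, ALTERNATIVE to the WebAuthn security key.
# OTP codes can be relayed by a phishing page, which WebAuthn resists; a user
# who has both configured can satisfy the step with either.
resource "keycloak_authentication_execution" "passkey_otp" {
  realm_id          = keycloak_realm.dev.id
  parent_flow_alias = keycloak_authentication_subflow.passkey_second_factor.alias
  authenticator     = "auth-otp-form"
  requirement       = "ALTERNATIVE"

  # Pin the position after the condition and after WebAuthn, matching the
  # order in which this file lists them; creation order is otherwise
  # unspecified between siblings of the same subflow.
  depends_on = [
    keycloak_authentication_execution.passkey_user_configured_condition,
    keycloak_authentication_execution.passkey_webauthn,
  ]
}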