### Install and Configure Keycloak Total Voice SMS Provider Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-totalvoice/README.md This shell script automates the deployment and initial configuration of the Keycloak Total Voice SMS Sender Provider. It copies the necessary JAR files to the Keycloak providers directory, rebuilds the Keycloak server to integrate the new services, and then starts Keycloak with the Total Voice phone service enabled and its authentication token configured. ```sh cp target/providers/keycloak-phone-provider.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-phone-provider.resources.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-sms-provider-totalvoice.jar ${KEYCLOAK_HOME}/providers/ ${KEYCLOAK_HOME}/bin/kc.sh build ${KEYCLOAK_HOME}/bin/kc.sh start --spi-phone-default-service=totalvoice \ --spi-message-sender-service-totalvoice-token=${token} ``` -------------------------------- ### Run Keycloak Phone Provider with Docker Compose Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/README.md This command initiates the Keycloak Phone Provider using a `docker-compose.yml` file. Ensure Docker Compose is installed and the `docker-compose.yml` is properly configured in the current directory for successful execution. ```shell docker-compose up ``` -------------------------------- ### Deploying Keycloak Phone Provider and Cloopen SMS JARs Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-cloopen/README.md This shell script facilitates the deployment of the Keycloak phone provider and the cloopen SMS provider JAR files into the Keycloak installation directory. It then triggers a Keycloak rebuild and starts the server, enabling the cloopen SMS service and configuring it with essential parameters such as application ID, account, token, and the OTP template ID. ```shell cp target/providers/keycloak-phone-provider.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-phone-provider.resources.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-sms-provider-cloopen.jar ${KEYCLOAK_HOME}/providers/ ${KEYCLOAK_HOME}/bin/kc.sh build ${KEYCLOAK_HOME}/bin/kc.sh start --spi-phone-default-service=cloopen \ --spi-message-sender-service-cloopen-app=${appId} \ --spi-message-sender-service-cloopen-account=${account} \ --spi-message-sender-service-cloopen-token=${token} \ --spi-message-sender-service-cloopen-opt-template=${templateId} ``` -------------------------------- ### Keycloak Twilio SMS Provider Deployment and Configuration Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-twofactorapi/README.md These shell commands facilitate the deployment of the Keycloak Phone Provider and Twilio SMS Provider JAR files into the Keycloak installation directory. Following deployment, Keycloak is built and then started with specific SPI configurations to enable the Twilio SMS service, requiring account SID, auth token, and service phone number. ```sh cp target/providers/keycloak-phone-provider.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-phone-provider.resources.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-sms-provider-twilio.jar ${KEYCLOAK_HOME}/providers/ ${KEYCLOAK_HOME}/bin/kc.sh build ${KEYCLOAK_HOME}/bin/kc.sh start --spi-phone-default-service=twilio \ --spi-message-sender-service-twilio-account=${account} \ --spi-message-sender-service-twilio-token=${token} \ --spi-message-sender-service-twilio-number=${servicePhoneNumber} ``` -------------------------------- ### Building and Starting Keycloak with Tencent SMS Provider Configuration Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-tencent/README.md These commands first build the Keycloak distribution to incorporate the newly deployed providers. Subsequently, Keycloak is started with various `--spi-message-sender-service-tencent` parameters, which configure the Tencent SMS service with necessary credentials (secretId, secretkey), region, App ID, and the template ID for SMS messages. ```Shell ${KEYCLOAK_HOME}/bin/kc.sh build ${KEYCLOAK_HOME}/bin/kc.sh start --spi-phone-default-service=tencent \ --spi-message-sender-service-tencent-secret=${secretId} \ --spi-message-sender-service-tencent-key=${secretkey} \ --spi-message-sender-service-tencent-region=${region} \ --spi-message-sender-service-tencent-app=${AppId} \ --spi-message-sender-service-tencent-opt-template={templateId} ``` -------------------------------- ### Install Keycloak Phone Provider JARs Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-yunxin/README.md Copies the compiled JAR files for the Keycloak phone provider and the YUNXin SMS provider into the Keycloak installation directory. This step is necessary to make the custom providers available to Keycloak for runtime use. ```Shell cp target/providers/keycloak-phone-provider.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-phone-provider.resources.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-sms-provider-yunxin.jar ${KEYCLOAK_HOME}/providers/ ``` -------------------------------- ### Deploy and Configure Keycloak bulksms SMS Provider Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-bulksms/README.md This shell script snippet outlines the process to deploy the bulksms SMS provider JARs to your Keycloak instance and configure its runtime settings. It includes copying the provider's JARs to the Keycloak providers directory, rebuilding the Keycloak distribution, and starting Keycloak with specific bulksms service parameters such as username, password, and optional settings like URL, 'from' address, encoding, and routing group. ```sh cp target/providers/keycloak-phone-provider.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-phone-provider.resources.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-sms-provider-bulksms.jar ${KEYCLOAK_HOME}/providers/ ${KEYCLOAK_HOME}/bin/kc.sh build ${KEYCLOAK_HOME}/bin/kc.sh start --spi-phone-default-service=bulksms \ --spi-message-sender-service-bulksms-username=${username} \ --spi-message-sender-service-bulksms-password=${password} \ --spi-message-sender-service-bulksms-url=${url} \ --spi-message-sender-service-bulksms-from=${from} \ --spi-message-sender-service-bulksms-encoding=${encoding} \ --spi-message-sender-service-bulksms-routing-group=${routing_group} ``` -------------------------------- ### Deploy and Configure Twilio SMS Provider for Keycloak Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-twilio/README.md This script demonstrates how to deploy the Keycloak Phone Provider and Twilio SMS provider JARs to the Keycloak installation, rebuild the Keycloak server, and then start it with the Twilio SMS service enabled and configured using environment variables for account SID, auth token, and service phone number. ```sh cp target/providers/keycloak-phone-provider.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-phone-provider.resources.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-sms-provider-twilio.jar ${KEYCLOAK_HOME}/providers/ ${KEYCLOAK_HOME}/bin/kc.sh build ${KEYCLOAK_HOME}/bin/kc.sh start --spi-phone-default-service=twilio \ --spi-message-sender-service-twilio-account=${account} \ --spi-message-sender-service-twilio-token=${token} \ --spi-message-sender-service-twilio-number=${servicePhoneNumber} ``` -------------------------------- ### Build and Start Keycloak with YUNXin SMS Provider Configuration Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-yunxin/README.md Builds the Keycloak server to incorporate the newly added providers and then starts the Keycloak server. It configures Keycloak to use YUNXin as the default phone service and sets necessary API credentials (secret, AppId) and the template ID for SMS messages via SPI parameters. ```Shell ${KEYCLOAK_HOME}/bin/kc.sh build ${KEYCLOAK_HOME}/bin/kc.sh start --spi-phone-default-service=yunxin \ --spi-message-sender-service-yunxin-secret=${secret} \ --spi-message-sender-service-yunxin-app=${AppId} \ --spi-message-sender-service-yunxin-opt-template=${templateId} ``` -------------------------------- ### Deploying and Configuring Keycloak AWS SNS SMS Provider Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-aws-sns/README.md This snippet provides shell commands to deploy the Keycloak Phone Provider JARs and configure the AWS SNS SMS sender. It involves copying compiled JAR files to the Keycloak providers directory, rebuilding Keycloak to apply changes, and starting it with specific SPI parameters to enable the AWS SNS service. ```Shell cp target/providers/keycloak-phone-provider.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-phone-provider.resources.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-sms-provider-aws-sns.jar ${KEYCLOAK_HOME}/providers/ ${KEYCLOAK_HOME}/bin/kc.sh build ${KEYCLOAK_HOME}/bin/kc.sh start --spi-phone-default-service=aws \ --spi-message-sender-service-aws-sender=${senderId} ``` -------------------------------- ### Keycloak Reset Credentials Flow Configuration for Phone Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/README.md This configuration guide details how to set up a custom 'Reset credentials' flow in Keycloak to incorporate phone-based credential reset. It involves modifying the flow to include phone-specific steps and setting conditional requirements. ```Keycloak Configuration Under Authentication > Flows: - Copy 'Reset credentials' flow to 'Reset credentials with phone' - On 'Rest Credential With Phone' line, click 'Add step' - On 'Send Rest Email If Not Phone' line, click 'Add step' - Delete or disable other steps - Set 'Send Rest Email If Not Phone' to 'Conditional' - Set both 'Rest Credential With Phone' and 'Reset Password' to 'REQUIRED' Set Bind 'Reset credentials with phone' to 'Reset credentials flow' ``` -------------------------------- ### Deploying Tencent SMS Provider JARs to Keycloak Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-tencent/README.md These shell commands copy the compiled JAR files of the Keycloak Phone Provider and Tencent SMS Provider into the Keycloak `providers` directory. This step makes the custom providers available for Keycloak to load during startup. ```Shell cp target/providers/keycloak-phone-provider.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-phone-provider.resources.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-sms-provider-tencent.jar ${KEYCLOAK_HOME}/providers/ ``` -------------------------------- ### Build Keycloak Phone Provider Docker Image Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/README.md This command executes a shell script to build the Keycloak Phone Provider project into a Docker image. It is typically run after cloning the repository and is essential for custom builds or development environments. ```shell examples/docker-build.sh ``` -------------------------------- ### Keycloak OpenID Connect Registration Endpoint Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/README.md This API documentation describes the structure and parameters for initiating a user registration flow in Keycloak using the OpenID Connect protocol, specifically tailored for the phone provider integration. It outlines the required query parameters for a successful registration request. ```APIDOC Endpoint: GET /realms//protocol/openid-connect/registrations Description: Initiates the user registration process. Parameters: - client_id (string, required): The client identifier registered in Keycloak. - response_type (string, required): Specifies the desired response type. For registration, 'code' is typically used for authorization code flow. - scope (string, required): A space-separated list of scopes. Common scopes include 'openid' and 'email'. - redirect_uri (string, required): The URI to which the user agent will be redirected after successful registration or authentication. Must be a registered redirect URI for the client. Example Usage: http:///realms//protocol/openid-connect/registrations?client_id=&response_type=code&scope=openid%20email&redirect_uri= ``` -------------------------------- ### Keycloak Phone Provider CLI Configuration Parameters Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/README.md This section details the command-line interface (CLI) parameters used to configure the Keycloak Phone Provider, including changes in parameter names and new additions across different versions. These parameters control phone number canonicalization, OTP expiration, and rate limits. ```APIDOC CLI Parameters: number-regex: (Renamed from `number-regx`) Used for matching regex after canonicalizing phone numbers. otp-expires: (New) Controls the expiration time for One Time Passwords. Replaces the 'OTP Cookie Max Age' setting. target-hour-maximum: (Renamed from `hour-maximum`) Defines the maximum number of operations allowed per target within an hour. source-hour-maximum: (New) Defines the maximum number of operations allowed per source within an hour. canonicalize-phone-numbers: Set to "" or `compatible` to enable phone number canonicalization using Google's libphonenumbers. This is important for migration from older user data where phone numbers might not have been canonicalized. ``` -------------------------------- ### Deploying and Configuring Aliyun SMS Provider in Keycloak Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-aliyun/README.md This shell script demonstrates how to deploy the Aliyun SMS provider JARs into a Keycloak instance and configure Keycloak to use Aliyun as the default SMS service. It includes setting the region, access key, secret, and OTP template ID for message sending. ```Shell cp target/providers/keycloak-phone-provider.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-phone-provider.resources.jar ${KEYCLOAK_HOME}/providers/ cp target/providers/keycloak-sms-provider-aliyun.jar ${KEYCLOAK_HOME}/providers/ ${KEYCLOAK_HOME}/bin/kc.sh build ${KEYCLOAK_HOME}/bin/kc.sh start --spi-phone-default-service=aliyun \ --spi-message-sender-service-aliyun-region=cn-hangzhou \ --spi-message-sender-service-aliyun-key=${accessKey} \ --spi-message-sender-service-aliyun-secret=${accessSecret} \ --spi-message-sender-service-aliyun-otp-template={templateId} ``` -------------------------------- ### Keycloak Phone Provider CLI Configuration Parameters Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/README.md These command-line interface parameters are used with `kc.sh` or `kc.bat` to configure various aspects of the Keycloak Phone Provider. They allow customization of SMS service integration, token expiration, rate limiting, phone number validation, and canonicalization settings, with options for realm-specific overrides. ```APIDOC kc.[sh|bat] start \ --spi-phone-default-service=[dummy|aws|aliyun|cloopen| ...] # Which sms provider --spi-phone-default-token-expires-in=60 # sms expires ,default 60 second --spi-phone-default-source-hour-maximum=10 # How many send from ip address sms count in one hour, Zero is no limit. default 10 --spi-phone-default-target-hour-maximum=3 # How many send to phone number sms count in one hour, Zero is no limit, default 3 --spi-phone-default-[$realm-]duplicate-phone=false # allow one phone register multi user, default: false --spi-phone-default-[$realm-]default-number-regex=^\+?\d+$ #Notice: will match after canonicalize number. eg: INTERNATIONAL: +41 44 668 18 00 , NATIONAL: 044 668 18 00 , E164: +41446681800 --spi-phone-default-[$realm-]valid-phone=true # valid phone number, default: true #whether to parse user-supplied phone numbers and put into canonical International E.163 format. _Required for proper duplicate phone number detection_ --spi-phone-default-[$realm-]canonicalize-phone-numbers=E164 #[E164,INTERNATIONAL,NATIONAL,RFC3966], default: "" un-canonicalize; #a default region to be used when parsing user-supplied phone numbers. Lookup codes at https://www.unicode.org/cldr/cldr-aux/charts/30/supplemental/territory_information.html --spi-phone-default-[$realm-]phone-default-region=US #default: use realm setting's default Locate; #if compatible is true then search user will be use all format phone number --spi-phone-default-[$realm-]compatible=false #default: false #Prevent 2FA from always happening for a period of time --spi-phone-default-[$realm-]otp-expires=3600 #default: 60 * 60; 1 hour ... # provider param refer provider`s readme.md ``` -------------------------------- ### Keycloak Theme Configuration for Phone Provider Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/README.md This configuration snippet demonstrates how to set a custom theme's parent to the 'phone' theme, allowing for customization while inheriting the base functionalities and styles provided by the Keycloak Phone Provider's default theme. ```APIDOC parent=phone ``` -------------------------------- ### Keycloak Direct Grant Flow Configuration for Phone Authentication Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/README.md This section describes the necessary Keycloak administrative steps to configure a custom direct grant flow that allows users to obtain an access token using their phone number. It involves copying and modifying an existing flow and setting it as the default for client direct grants. ```Keycloak Configuration Under Authentication > Flows: - Copy 'Direct Grant' flow to 'Direct grant everybody with phone' - On 'Authentication Everybody By Phone' line, click 'Actions' > 'Add step' and move to first position - Delete or disable other steps - Set 'Authentication Everybody By Phone' to 'REQUIRED' Under Clients > $YOUR_CLIENT > Advanced > Authentication Flow Overrides: - Set Direct Grant Flow to 'Direct grant everybody with phone' ``` -------------------------------- ### Keycloak Phone Access Token API Endpoints Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/README.md These API endpoints facilitate obtaining an access token using a phone number and a verification code. The first endpoint requests an authentication code, and the second uses this code along with other credentials to acquire an OpenID Connect access token. ```APIDOC GET /realms/{realmName}/sms/authentication-code?phoneNumber=+5534990001234 - Description: Requests an authentication code to be sent to the specified phone number, used for obtaining an access token. - Authentication: No authentication required. - Parameters: - realmName (string): The name of the Keycloak realm. - phoneNumber (string): The phone number to which the authentication code should be sent (e.g., +5534990001234). POST /realms/{realmName}/protocol/openid-connect/token - Description: Obtains an access token using the phone number and verification code via the OpenID Connect token endpoint. - Content-Type: application/x-www-form-urlencoded - Body Parameters: - grant_type (string): Must be 'password'. - phone_number (string): The user's phone number (e.g., $PHONE_NUMBER). - code (string): The verification code received via SMS (e.g., $VERIFICATION_CODE). - client_id (string): The client ID of the application (e.g., $CLIENT_ID). - client_secret (string, optional): The client secret if the client is confidential (e.g., $CLIENT_SECRECT). ``` -------------------------------- ### Keycloak Phone Provider SMS Template ID Format and Types Source: https://github.com/cooperlyt/keycloak-phone-provider/blob/master/keycloak-sms-provider-tencent/README.md This API documentation defines the expected format for the `templateId` parameter used by the Keycloak Phone Provider for sending SMS messages via Tencent. It specifies the structure `[$realm-]<[$type | $kind]>-