https://github.com/2mol/keycloak-twilio-example
https://github.com/2mol/keycloak-twilio-example
Last synced: 4 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/2mol/keycloak-twilio-example
- Owner: 2mol
- License: mit
- Created: 2021-01-20T10:39:00.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-01-20T11:51:24.000Z (over 5 years ago)
- Last Synced: 2025-04-08T10:37:42.367Z (about 1 year ago)
- Language: Java
- Size: 22.5 KB
- Stars: 4
- Watchers: 2
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Keycloak + Twilio SDK
This repo is for reproducing a bug where the `log4j` dependency from Twilio seems to clash with the one from `keycloak-services` (transitive dependency, check with `mvn dependency:tree`).
Relevant repos:
- https://github.com/twilio/twilio-java
- https://github.com/keycloak/keycloak
This code example is based on `https://www.n-k.de/2020/12/keycloak-2fa-sms-authentication.html`, and its corresponding repo: https://github.com/dasniko/keycloak-2fa-sms-authenticator.
## How to reproduce
Dependencies are maven, openjdk 11, and docker.
- build the module with `mvn clean package`.
- Create an `.env` file, use `example.env` as a template. This is needed for the Twilio token.
- Start a keycloak container with `docker run --name keycloak -p 8080:8080 --env-file .env quay.io/keycloak/keycloak:12.0.1`
- Copy the compiled module .jar over with `docker cp target/example-keycloak-2fa-sms-authenticator-*.jar keycloak:/opt/jboss/keycloak/standalone/deployments/`. The keycloak logs will show the module being loaded.
Now the more manual part is to trigger usage of the module:
- Log into Keycloak with admin/admin.
- Create a new realm (hover over the realm name).
- **> Realm Settings > Login:** Enable user registration
- register a new user account. You can find the link under **> Clients**
- **> Authentication:** Make a copy of the Browser Flow
- Add execution under "Copy Of Browser Forms" or whatever you named it
- Select the SMS Authentication
- Set it to REQUIRED
- For the SMS Authentication step, use the dropdown to go to **config**
- give it a name, **save**, then switch off simulation mode, then **save again**
- Go back. Under the **Bindings** tab, select your new flow as the new Browser Flow
- Save
- **> Users** select your user, go to the **Attributes** tab, and add a new key:
- `mobile_number`, and whatever value you want. Doesn't have to be a real phone number.
- Save
- Now try to sign in (same URL that you used to register a user).
You should get an internal server error in the browser, and see the dreaded `No class provided` error in the Keycloak console output:
```
Caused by: java.lang.UnsupportedOperationException: No class provided, and an appropriate one cannot be found.
at deployment.example-keycloak-2fa-sms-authenticator-1.0-SNAPSHOT.jar//org.apache.logging.log4j.LogManager.callerClass(LogManager.java:571)
...
```
## How to make it work
Downgrade the version number of the Twilio SDK in `pom.xml`: Change to 8.3.0 under `8.6.0`.
This version doesn't use `log4j`, and the integration works.
Note: for this it is better to have real phone numbers, both under your user account, as well as the `PHONE_NUMBER_FROM` variable in `.env`