send_email option added

README.md

@@ -1,5 +1,5 @@
 # multifactor-keycloak-plugin
-> Attention: The current version of the plugin only works with Keycloak, starting from version 22.0.1
+> Attention: The current version of the plugin only works with Keycloak, starting from version 23.0.1
 
 Authentication execution plugin for Keycloak that adds <a href="https://multifactor.ru/" target="_blank">MultiFactor</a> into the authentication flow. Component uses Keycloak Service Provider Interface (SPI) to show user a MultiFactor iframe upon completion of primary authentication.
 

pom.xml

@@ -13,9 +13,7 @@
     <packaging>jar</packaging>
 
     <properties>
-        <keycloak.version>22.0.1</keycloak.version>
-	<maven.compiler.source>17</maven.compiler.source>
-  	<maven.compiler.target>17</maven.compiler.target>
+        <keycloak.version>23.0.1</keycloak.version>
     </properties>
 
     <dependencies>

src/main/java/ru/multifactor/keycloak/auth/spi/mf/MultifactorAuthenticator.java

@@ -177,7 +177,7 @@ private jakarta.ws.rs.core.Response createMultifactorForm(AuthenticationFlowCont
     @Override
     public void authenticate(AuthenticationFlowContext context) {
           StringBuilder result=new StringBuilder("");
-          if(apiRequest(apiURL(context)+"/access/requests", context.getUser().getUsername(), apiKey(context), apiSecret(context), result))
+          if(apiRequest(apiURL(context)+"/access/requests", useEmail(context)?context.getUser().getEmail():context.getUser().getUsername(), apiKey(context), apiSecret(context), result))
           	context.challenge(createMultifactorForm(context, result.toString(), null));
 	  else if(result.toString().equals("API UNREACHABLE") && byPass(context)) context.success();
           else context.challenge(createMultifactorForm(context, null, result.toString()));
@@ -196,7 +196,7 @@ public void action(AuthenticationFlowContext context) {
         }
         String token= formData.getFirst("jwt_token");
         StringBuilder result=new StringBuilder("");
-        if(!chkToken(token, context.getUser().getUsername(), apiKey(context), apiSecret(context), result))
+        if(!chkToken(token, useEmail(context)?context.getUser().getEmail():context.getUser().getUsername(), apiKey(context), apiSecret(context), result))
 	{
             context.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, createMultifactorForm(context, null, result.toString()));
             return;
@@ -228,4 +228,11 @@ private boolean byPass(AuthenticationFlowContext context) {
         return Boolean.valueOf(config.getConfig().get(PROP_BYPASS));
 
     }
+    private boolean useEmail(AuthenticationFlowContext context) {
+        AuthenticatorConfigModel config = context.getAuthenticatorConfig();
+        if (config == null) return false;
+        return Boolean.valueOf(config.getConfig().get(PROP_USE_EMAIL));
+
+    }
+
 }

src/main/java/ru/multifactor/keycloak/auth/spi/mf/MultifactorAuthenticatorFactory.java

@@ -19,6 +19,7 @@ public class MultifactorAuthenticatorFactory implements AuthenticatorFactory{
     public static final String PROP_SECRET = "multifactor.secret";
     public static final String PROP_APIURL = "multifactor.apiurl";
     public static final String PROP_BYPASS = "multifactor.bypass";
+    public static final String PROP_USE_EMAIL = "multifactor.use_email";
 
 
     @Override
@@ -83,6 +84,14 @@ public boolean isConfigurable() {
         bypass.setHelpText("Enable bypass when api unreachable");
         configProperties.add(bypass);
 
+        ProviderConfigProperty use_email = new ProviderConfigProperty();
+        use_email.setDefaultValue(false);
+        use_email.setName(PROP_USE_EMAIL);
+        use_email.setLabel("Send an e-mail instead of a username");
+        use_email.setType(ProviderConfigProperty.BOOLEAN_TYPE);
+        use_email.setHelpText("Send the keycloak e-mail attribute to the multifactor api instead of username");
+        configProperties.add(use_email);
+
     }
 
     @Override