Customizing authentication flows
As you learned from Chapter 11, Authenticating Users, Keycloak allows you to easily customize user authentication by changing authentication flows through the administration console. Eventually, the built-in authentication executions might not be enough to address your authentication requirements, and, in this case, you can leverage the Authentication SPI to implement your own authentication executions.
We are not going to cover in this section all the details pertaining to the Authentication SPI, but give you a code example to help you understand the steps and the mechanics when you are creating your own authenticators. The code example for this topic is available from the GitHub repository at
The example here is about a quite simple authenticator that relies on a risk score to determine whether the user should provide a second factor when authenticating. The risk score is calculated based only on the number...