Trusted Device two factor authenticator

[formalizator]

Description

As a user I want to only input two factor authenticator every 30 days so that I can repeat login on the same device multiple times

Acceptance criteria:

• [ ] Implemented as a Trusted Device two factor authenticator
• [ ] Admin should be able to register Trusted Device two factor authenticator as a supported two factor authenticator with the realm
• [ ] Admin should be able to configure how many days the device is trusted
• [ ] User should see Trusted Device as a two factor authenticator associated with their account in the Account Console
• [ ] User should be able to remove the Trusted Device authenticator which will expire all current Trusted Devices
• [ ] On next login the User will have a new Trusted Device and the Trusted Device authenticator will be visible again
• [ ] When entering two factor authenticator the user should have a checkbox asking the user if they want to not ask for two factor authentication next time on the device

Original:

• https://issues.redhat.com/browse/KEYCLOAK-242
• https://issues.redhat.com/browse/KEYCLOAK-13358

Discussion

https://issues.redhat.com/browse/KEYCLOAK-242

Motivation

As a user I want to only input two factor authenticator every 30 days or if I change the device (browser ) Keycloak does not have this.

Details

Poc defined by the user: https://github.com/thomasdarimont/keycloak-project-example/tree/main/keycloak/extensions/src/main/java/com/github/thomasdarimont/keycloak/custom/auth/trusteddevice