Setup 2FA with TypingDNA Verify on a NodeJS web application that is using Keycloak - Standard Integration
Goal
The aim of this tutorial is to lay out the steps for integrating TypingDNA Verify 2FA on a basic Node.js website that is using Keycloak as the Identity and Access management solution.
Intro
In this tutorial we will build a sample web application that is using TypingDNA Verify 2FA. The user will first introduce the username and password that will be verified by Keycloak, and that information will then be used by TypingDNA Verify for a second factor of authentication. We will cover all technologies that are needed to run a simple demo on a local machine.
Prerequisites
In order to create a working example of TypingDNA Verify 2FA, the following actions need to be taken:
Create an account on typingdna.com. The Verify 2FA dashboard will provide you with the clientID, secret and applicationID.
Setup ngrok. Ngrok creates a public url that will link to your localhost environment. For security purposes, TypingDNA Verify 2FA will only run on a public url. Ngrok can be downloaded from the following link: https://ngrok.com/.
Keycloak Configuration
We will be setting up Keycloak on a localhost using a Windows machine.
Make sure you have OpenJDK 1.8 or newer installed.
First step is to download and extract keycloak-15.0.2.zip from the Keycloak website.
Navigate to the new extracted folder, then to start Keycloak run the following command.
bin/standalone.bat
Once Keycloak has booted up, open http://localhost:8080/auth, then fill in the form with your preferred username and password.
Now that Keycloak has been set up to run on our localhost we will start designing our application.
Website Configuration
Let’s create a simple website application. We will be using a lot of the information from the tutorial on TypingDNA Verify from Tech with Tim so for more detailed information please check out his video tutorial.
Create a basic node.js application using the following command:
npx express-generator website
Delete the bin, public and routes folders.
Delete the 3 jade files inside the views folder.
Edit the app.js such that it will have the following code:
button(
class = "typingdna-verify",
data-typingdna-client-id= `${clientId}`,
data-typingdna-application-id= `${applicationId}`,
data-typingdna-payload= `${payload}`,
data-typingdna-callback-fn= "callbackFn"
) Verify 2FA with TypingDNA
After the user has typed the 4 words, an OTP code will be generated and the callbackFn will be called. In order to process this new OTP code we will add the following javascript code.
Note: Under the root URL we will use the http link for now. Other configuration changes are required to be made in keycloak in order to handle https requests that are outside of the scope of this tutorial. TypingDNA Verify 2FA will only function if it’s running from HTTPS.
Navigate to the installation tab of the new client that you have created and copy the information from Keycloak OIDC_JSON.
Create a file called keycloak.json and copy the content:
Navigate to the users section.
Add a new user.
Select the password under credentials:
Navigate to the Roles page.
Create the role: “typingdna-keycloak”.
Then navigate to the role mapping tab of the user and assign the new created role to the user.
In order to integrate with keycloak we will add more dependencies in our package.json file:
Run npm install jwt-decode keycloak-connect express-session
Start Keycloak and start the web application with the command node .\app.js.
Access in a browser the ngrok link.
The user is redirected to the keycloak login page:
Enter the credentials and select the sign in button.
The user is redirected to the 2FA page.
Note: if the SSL/HTTPS redirect is not set up you will have to manually redirect the link. Adding SSL/HTTPS redirects is outside the scope of this tutorial.
Select the “Verify 2FA with TypingDNA” and type the 4 words presented on the screen.
Once the 4 words are typed the user is redirected to the result page where the message “Authentication Successful” is presented.
Share this message across Slack, email, etc. We even jotted down some of the highlights to make it easier.
Check this out! 🚀 Found a cool way to 2FA our users: TypingDNA Verify 2FA. It authenticates people based on how they type — replacing authenticator apps and OTP codes. Awesome user experience! 🙌 Quick integration too (under 10 mins). And we can try it free with 100 users. What do you think? https://www.typingdna.com/verify