Such authentication is already possible via action tokens.

A custom implementation of action token is in keycloak quickstarts. Note that in that quickstart, invocation of external application is shown, but that one is not necessary at all, leading to the "magic link" functionality.

Oh, that's nice. Thanks for that. It'd be good to include it among the other authenticators and extend our possibilities. We'd just need to have more opinions on this.

Here's the updated Keycloak Quickstart link. I haven't tried it myself for passwordless auth though, have you @mabartos ?

@codespearhead Nope, I haven't. I'm not sure what's the process behind promoting stuff from quickstarts to the main codebase, but I'd suggest creating an RFE in this repository. It would be good to express all the requirements, explain the motivation around the promotion, and what value it might bring to Keycloak. Additionally, it'd be great if users would react to the RFE to show it's the thing the community wants.

Hi @xgp, can you provide some info on that (I'm also interested as I might have misunderstood).

Based on
You may not provide the software to third parties as a hosted or managed service, where the service provides users with access to any substantial set of the features or functionality of the software.

and

from the license change article and this page.

Open source license
With the Elastic License, you can use and host the Phase Two Keycloak extensions as part of your own product. You may not sell  
the extensions as a hosted or managed service, which includes bundling and distribution by companies who sell their products for  
on-prem and private cloud use. You are free to create derivative works, but they must maintain the same license, copyright and  
other notices. You may not represent the Phase Two Keycloak extensions as your own work of authorship.

What I understood, is that you can use it in your product (SaaS Applications or Platform), but you are not allowed to offer it as a managed service to another party (like okta could do). Because it's the phasetwo core product and service offering.
So, if you sell a service based on Keycloak as a managed Identity and Access Management to any other company, then you are not allowed to use it.

But I will let @xgp provide a more clear answer to that.

but its license does not permit its use :(
Basically, except use it for yourself, you cannot use it for a commercial purpose.

@FStefanni This is incorrect. The license permits broad use. You are more than welcome to use it for a commercial purpose.

I think there is some confusion about the Elastic v2 license. The brief history there is that AWS and others starting selling hosting of Elasticsearch when it was ASL 2.0. In a move to keep Elasticsearch open source, but to prohibit cloud providers and resellers from selling hosting of the product itself, they changed their license to what eventually became Elastic v2.

Since then, many companies who are both building open source tools, and extending existing tools, have adopted such a license approach (e.g. CockroachDB, MongoDB, Neo4j, Confluent, etc.). Their licenses restrict cloud providers and other resellers from offering their software as a service without purchasing a commercial license.

Phase Two (the author of the keycloak-magic-linkextension, and others) found that cloud providers offering Keycloak as a service, were using its extensions, and reselling them as part of their commercial offering. After consideration and a lot of communication with customers and users, we settled on adopting the Elastic v2 license in order to stop such behavior (although we are aware that it continues, now in violation of the license). We attempted to clarify our position on this when we made the change: https://phasetwo.io/blog/licensing-change

That does not mean that you can't "use it for a commercial purpose" or "its license does not permit its use". These statements are incorrect and misleading. If you are using it for any use case that does not constitute providing the software itself as a service, then that use is permitted.

Some examples:

• If you have created CatShare, a paid SaaS service for discovering and sharing cat videos and pictures, and you use Keycloak and keycloak-magic-links as your User Management and login mechanism, this is a permitted use.
• If you host Keycloak as a service (e.g. Cloud-IAM, Bare.id, Elestio, etc.) and you bundle keycloak-magic-links this is a non-permitted use, and you must obtain a commercial license.

We are trying to encourage the use of our extensions, while prohibiting their use by competitors.

Hi,

@xgp thank you for the clarification. It was not clear to me.
So I'll try to use the extension, since we provide a payed saas, and we want to use keyclock just to manage user logins.

Regards

• If you have created CatShare, a paid SaaS service for discovering and sharing cat videos and pictures, and you use Keycloak and keycloak-magic-links as your User Management and login mechanism, this is a permitted use.
• If you host Keycloak as a service (e.g. Cloud-IAM, Bare.id, Elestio, etc.) and you bundle keycloak-magic-links this is a non-permitted use, and you must obtain a commercial license.

The distinction between "paid SaaS service" and "host Keycloak as a service" is not clear to me.

Where can such a license be acquired? I see an offering "Enterprise Keycloak Support Packages" on phasetwo.io, is this the "commercial license"?

If you compete with anyone on that list (Phase Two, Cloud-IAM, Bare.id, Elestio, etc.) then you need to contact us ([email protected]) for a commercial license. There is no information on the website regarding software licenses for our competitors.