Limiting the list of available first factor methods

The FFmethods procedure offers the user only selected identification and authentication methods when they sign in to the application (a similar procedure with a different list of methods can be assigned to another application). The procedure designates the first-factor authentication methods by the following identifiers:

  • password - login using login and password;

  • x509 - login via electronic signature;

  • externalIdps - login via external identity providers (social networks etc.);

  • spnego - login via operating system session;

  • sms - login via confirmation code from SMS;

  • knownDevice - login via known device;

  • qrCode - login via QR code;

  • webAuthn - login with security keys (WebAuthn, Passkey, FIDO2);

  • tls - login based on the transmitted HTTP header.

// Flow API types (Strategy, Context, StrategyState, StrategyBeginState); the
// package is taken from the logger name used below.
import com.identityblitz.idp.flow.dynamic.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class FFmethods implements Strategy {

    private final Logger logger = LoggerFactory.getLogger("com.identityblitz.idp.flow.dynamic");

    // Called when the login flow starts. If the subject is already identified
    // (the "subjectId" claim is present), no first factor is requested;
    // otherwise only the listed first-factor methods are offered to the user.
    @Override public StrategyBeginState begin(final Context ctx) {
        if(ctx.claims("subjectId") != null)
            return StrategyState.ENOUGH();
        else
            return StrategyState.MORE(new String[]{"password","x509"});
    }

    // Called after each completed factor. The login is finished when the user
    // has no required second factor or has just completed the required one;
    // otherwise another factor is requested.
    @Override public StrategyState next(final Context ctx) {
        Integer reqFactor = (ctx.user() == null) ? null : ctx.user().requiredFactor();
        if(reqFactor == null || reqFactor == 0)
            return StrategyState.ENOUGH();
        // Compare the boxed Integer values with equals(), not ==, so the check
        // does not depend on Integer caching (equals(null) is simply false).
        else if(reqFactor.equals(ctx.justCompletedFactor()))
            return StrategyState.ENOUGH();
        else
            return StrategyState.MORE(new String[]{});
    }
}