On Trac [1], Alex says, "Django did a tremendous service to its users by making strong password hashing be the default. The world is pushing forward, and now 2fa is the next standard that many sites fail to meet. Django should include support for 2fa out of the box, ideally with support for both u2f and TOTP (Google Authenticator)."
Doing a quick search, I found https://github.com/Bouke/django-two-factor-auth as a possible existing implementation that might be a starting point if we decide to integrate something. What do you think? One sticking point could be that it uses a ThreadLocals middleware. I didn't look to see how "necessary" that is.
Fwiw, 2fa is on my short list of things to implement into my current project. It's a fairly important feature to me, as this is a financial project. And that particular implementation is precisely what I was looking to use. I would happily contribute money and/or time toward this implementation, especially if there was a happy upgrade path from Bouke's library.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/fe9102ce-a136-40f9-a95e-0254ebc340e2%40googlegroups.com.
Based on the ticket description and the django developers discussion, U2F and TOTP are the most desired authentication methods. So I would like to integrate them (orienting on Bouke's implementation) first. And if SMS- and email-based authentication are also desired, I would go about them next.
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
TFA_FORMS = [
    {'METHOD_NAME': 'TOTP', 'FORM_PATH': 'django.contrib.twofactorauth.forms.TOTPAuthenticationForm'},
    {'METHOD_NAME': 'Backup Token', 'FORM_PATH': 'django.contrib.twofactorauth.forms.BackupTokenAuthenticationForm'},
]

<form method="POST">
    {% csrf_token %}
    {{ forms.TOTP.as_p }}
    <button name="type" value="{{ forms.TOTP.method_name }}">{% trans 'Submit' %}</button>
</form>