Open alfonsrv opened 9 months ago
@MichalPham please have a look as part of the changes you are implementing.
will add get_user_display_name, get_username, get_user_id with current implementation which can be overridden by setting callables DJANGO_FIDO_GET_USER_DISPLAY_NAME, DJANGO_FIDO_GET_USERNAME, DJANGO_FIDO_GET_USER_ID
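A sketch of how the three overridable getters named in the comment above could behave, added here as an example and not taken from the project's code. Assumptions: a `SimpleNamespace` stands in for `django.conf.settings`, the defaults read Django's `USERNAME_FIELD` and use the primary key as the WebAuthn user handle, and `EmailUser` is a constructed sample model.

```python
from types import SimpleNamespace

# Stand-in for django.conf.settings so the block runs without Django (assumption).
settings = SimpleNamespace()

def _default_username(user):
    # Follow the model's USERNAME_FIELD instead of hard-coding "username".
    return str(getattr(user, getattr(user, "USERNAME_FIELD", "username")))

def _default_display_name(user):
    full_name = getattr(user, "get_full_name", lambda: "")()
    return full_name or _default_username(user)

def _default_user_id(user):
    # Primary key as user handle: unchanged by a rename or e-mail change.
    return str(user.pk).encode("utf-8")

_DEFAULTS = {
    "DJANGO_FIDO_GET_USERNAME": _default_username,
    "DJANGO_FIDO_GET_USER_DISPLAY_NAME": _default_display_name,
    "DJANGO_FIDO_GET_USER_ID": _default_user_id,
}

def _resolve(name):
    """Return the callable configured under `name`, or the default."""
    func = getattr(settings, name, None) or _DEFAULTS[name]
    if not callable(func):
        raise TypeError(f"{name} must be a callable taking a user")
    return func

def get_username(user):
    return _resolve("DJANGO_FIDO_GET_USERNAME")(user)

def get_user_display_name(user):
    return _resolve("DJANGO_FIDO_GET_USER_DISPLAY_NAME")(user)

def get_user_id(user):
    handle = _resolve("DJANGO_FIDO_GET_USER_ID")(user)
    # WebAuthn limits user.id (the user handle) to 64 bytes.
    if not isinstance(handle, bytes) or not 1 <= len(handle) <= 64:
        raise ValueError("user handle must be 1 to 64 bytes")
    return handle

class EmailUser:
    """Constructed sample: custom user model with no username field."""
    USERNAME_FIELD = "email"
    def __init__(self, pk, email):
        self.pk, self.email = pk, email
```

With these defaults, changing the e-mail address changes what `get_username` returns but leaves the handle from `get_user_id` untouched, so credentials registered against that handle still match.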
Overwriting the user model (dropping the username field in favor of email) causes registrations to not work. Admin fails with "An unexpected error occurred".
Instead, the username field should be derived from the registered User model's constant USERNAME_FIELD to support custom username fields.
Using either username or email however can lead to undesirable results. A change of name due to marriage, causing both a username and/or email change would cause FIDO2 auths to fail for intransparent reasons for an administrator and could cause some frustration. Might be a thing to consider.
Frankly, I'm not an expert on the matter and am sure there's a cryptographic reason either field is used. Reading the W3 specs for id/user handle, it states the following though regarding the field in question: