The Django authentication system is built upon the idea of single-request authentication. The user sends a request, it's evaluated, and then Django either logs the user in or not.
The approach of django-fido is different. It provides second-step authentication for a user who is already authenticated. This does not work with a general Django app without creating some kind of additional authentication checking mechanism.
It should be possible to use one-step authentication with django-fido, i.e. use a single form that sends username, password and FIDO credentials all at once. To maintain backwards compatibility, we should create a new setting (perhaps DJANGO_FIDO_TWO_STEP) whose default value will maintain the current behaviour.