search

activist-org / activist

An open-source activism platform
https://activist.org
GNU Affero General Public License v3.0
259 stars 204 forks source link

Discuss Implementation of Authentication, User Registration, and Organization Onboarding #366

Open momanyisamuel opened 1 year ago

momanyisamuel commented 1 year ago

Terms

Description

In order to lay the foundation for a secure and user-friendly environment, we need to discuss and plan the implementation of authentication, user registration, and organization on-boarding processes within activist-org project. This issue serves as a starting point for this critical discussion. @andrewtavis can provide more detail in regards to the user and organization on-boarding process which can help guide the discussion.

Contribution

No response

kurtisolo commented 1 year ago

I am currently studying various authentication systems for another large project I am working on.

Initially, I tried to use the system integrated into DRF, but after several issues, I started looking for alternative solutions.

It's possible to customize DRF's authentication class, but I've never ventured in that direction and can't say whether it might be a sensible solution. Personally, I'm not convinced.

One option that seems valid for projects of a certain importance is OAuth2. It appears to have a certain degree of complexity, but offers a high level of security, supports third-party authentication, is excellent from a scalability perspective, and is very flexible.

Intrigued to see how this aspect of the project will be handled!

to-sta commented 8 months ago

I think we can start with drf authtoken as the authentication method for the mvp and upgrade/extend it later on.