Closed dwasyl closed 9 months ago
This is now supported via e39aed5e -- authentication methods used are all recorded:
https://github.com/pennersr/django-allauth/blob/main/allauth/account/authentication.py#L7
That's great, thanks for making that work so elaborately and so well.
In migrating over from django-otp-based MFA, one feature that existed there is an
is_verified
function on therequest.user
model as a way of checking that a particular User authenticated with their MFA key.This is a handy security feature/validation for sites that might have multiple entry points or have not enabled MFA on particular login screens (i.e. admin).
In
django-otp
world, it comes from a middleware module.Clearly a bad practice not to have MFA on every single login, but it happens and having some way of validating that a user did in fact use MFA to login is handy rather than just assuming they did if they have an device configured.