Closed aitorpazos closed 4 years ago
Hi @aitorpazos
First of the second request can be used today. If your client supports the option SQRLOnly then you can turn that flag on for identity and then all sites that support that option (WordPress plugin included) will only allow login from SQRL clients.
Remember that you CAN NOT log in with password on that account if you turn this option on. There is another option for not allowing any bypass options like password restore and so on. Sadly this is not a viable implementation for WordPress as there might be many restore options with plugins, maybe that will be implemented in the future.
I will look into turning registration by username off if you use the regular registration flow. Can't give any promises but I'll give it a try.
If someone has a good idea then please just contact me or create a pull request :)
Best regards Daniel
Thanks for your feedback. it helped me understand the use case for SQRLOnly
option.
In order to allow new users to log in with SQRL AFAIK I need to enable new users registration. This renders into bots registering using the username/password mechanism.
I'm aware SQRL doesn't necessary make it better as we can get SQRL bots registering identities automatically as well.
However, if someone wants to go all the way into SQRL, it will be nice to be able to disable username/password users registration and be able to accept only SQRL registrations.
Disabling username/password login seems a bit more radical but I'd like to have the option to remove those credentials from the server.