valohai / django-allauth-2fa

Two-factor authentication for Django Allauth

Support more types of devices (besides just TOTP) #23

Open clokep opened 7 years ago

clokep commented 7 years ago

django-otp supports at least TOTP, static, and HOTP. It also provides separate packages for YubiKey and Twilio support.

We should figure out a way to make django-allauth-2fa check any appropriate 2FA systems when logging in, not just the totp devices. Some information about this is available in the docs: https://pythonhosted.org/django-otp/overview.html#plugins-and-devices

9mido commented 3 years ago

Updating the link since the old one no longer works:

https://django-otp-official.readthedocs.io/en/stable/overview.html#plugins-and-devices

We should focus on supporting WebAuthn for this issue. I wrote about why in issue #59. It is a step up from OTP, since OTP is not as secure.

I guess we would need different flows for users who wish to set up OTP versus users who want to set up FIDO2 U2F with WebAuthn. WebAuthn should be able to handle both OTP and FIDO2 U2F though.

clokep commented 3 years ago

As the description said, it would be nice if you could configure whatever you wanted and django-allauth-2fa just used it, instead of being hard-coded to assume TOTP is the only type of device.
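
The device-agnostic check this issue asks for, shown as an added example that is not part of the thread or of django-allauth-2fa: every device type exposes a `verify_token` method (the convention django-otp devices follow), and login accepts a token from whichever of the user's devices validates it. `HOTPDevice`, `TOTPDevice`, `StaticDevice` and this `match_token` are hypothetical standard-library stand-ins, not django-otp's models.

```python
# Hypothetical stand-in device classes (assumptions), not django-otp code.
import hashlib
import hmac
import time

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a key and counter."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HOTPDevice:
    def __init__(self, key, counter=0, window=2):
        self.key, self.counter, self.window = key, counter, window

    def verify_token(self, token):
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.key, c).encode(), token.encode()):
                self.counter = c + 1  # a counter value is never accepted twice
                return True
        return False

class TOTPDevice:
    def __init__(self, key, step=30, clock=time.time):
        self.key, self.step, self.clock, self.last_t = key, step, clock, -1

    def verify_token(self, token):
        t = int(self.clock()) // self.step
        if t > self.last_t and hmac.compare_digest(hotp(self.key, t).encode(), token.encode()):
            self.last_t = t  # reject replay inside the same time step
            return True
        return False

class StaticDevice:
    def __init__(self, tokens):
        self.tokens = set(tokens)

    def verify_token(self, token):
        ok = token in self.tokens
        self.tokens.discard(token)  # recovery codes are single-use
        return ok

def match_token(devices, token):
    """Return the first device that accepts the token, or None."""
    for device in devices:
        if device.verify_token(token):
            return device
    return None
```

Because the login path only calls `verify_token`, adding another device type means adding a class, not changing the check; each device keeps its own replay protection.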