Yes, I would like to see that in contrib.auth, which will require rewriting the backends and introduce a auth pipeline ala django-social-auth (has/had) -- I was planning to get some thoughts about that on DUTH. Also see this (short) twitter discussion: https://twitter.com/jacobian/status/651527202119397376 -- so the need is definitely there.
Cheers, Florian On Monday, October 26, 2015 at 6:22:46 PM UTC+1, Tim Graham wrote: > > On Trac [1], Alex says, "Django did a tremendous service to its users by > making strong password hashing be the default. The world is pushing > forward, and now 2fa is the next standard that many sites fail to meet. > Django should include support for 2fa out of the box, ideally with support > for both u2f and TOTP (Google Authenticator)." > > > Doing a quick search, I found > https://github.com/Bouke/django-two-factor-auth > <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2FBouke%2Fdjango-two-factor-auth&sa=D&sntz=1&usg=AFQjCNH8Ts_b2AxVUoqCYI1J240W1uKe3A> > > as a possible existing implementation that might be a starting point if we > decide to integrate something. What do you think? One sticking point could > be that it uses a ThreadLocals middleware. I didn't look to see how > "necessary" that is. > > > [1] https://code.djangoproject.com/ticket/25612 > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/140a74cc-6bea-40c8-892b-aeb0079669a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
