Auth system improvements #12

Open
1 task done
alexandernst opened this issue Apr 27, 2025 · 3 comments

Comments

@alexandernst

alexandernst commented Apr 27, 2025

Code of Conduct

  • I agree to follow Django's Code of Conduct

Feature Description

(This is a split from #10)

Problem

Django has a built-in authentication system, but it doesn't cover features that should be present in any authentication system (e.g. 2FA), as per NIST suggestions. It is fine for local testing and production services categorised at AAL1 level, but anything above that requires 3rd-party packages (django-allauth comes to mind as an example of a very robust and feature-rich package).

I understand that Django can't just merge django-allauth and call it a day. A framework has a radically different release schedule compared to a 3rd-party package, and supporting OAuth with XYZ service (which would require hardcoding URLs of external services) feels like a stretch, but maybe there could be a middle ground. Maybe Django can integrate into its core some parts of django-allauth?

Request or proposal

Request changes for Django to implement / provide out of the box:

  • at least basic password-related functionality (user registration, password recovery, etc.)
  • secure authentication mechanisms (2FA / MFA; maybe hardware authentication, e.g. YubiKeys)
  • stateless authentication (JWT creation, refresh, invalidation, etc.)

I would suggest trying to integrate the core (features) of django-allauth.

Additional Details

No response

Implementation Suggestions

No response

Thank you alexandernst for sharing your idea! We have a lot of them so please be patient. You can see the current queue here. If you'd like to learn about other ways to get this idea more attention, please see this page.

Community instructions

For commenters, please use the emoji reactions on the issue to express support, and/or concern easily. Please use the comments to ask questions or contribute knowledge about the idea. It is unhelpful to post comments of "I'd love this" or "What's the state of this?"

Reaction Guide

  • 👍 This is something I would use
  • 👎 This is something that would cause problems for me or Django
  • 😕 I’m indifferent to this
  • 🎉 This is an easy win

@tim-schilling
Member

I think having a clearer statement of what would change would be helpful for people weighing in. Currently, this is vague and it's hard for people to take a stance.

@alexandernst
Author

@tim-schilling I updated the description ✅

Projects
Status: Idea