Combined web and mobile authentication for Django.
Project description
Django Multifactor Authentication
NB. Complete refactoring coming soon.
Combined web and mobile authentication for Django. Easily configurable and extendable with new authentication methods or services. Supported out-of-the-box methods by credential pairs:
- email / password
- phone / passcode
- ...add yours
and service providers:
- Twilio
- SendGrid (to be specified)
- Nexmo (to be done)
- Amazon SNS (to be done)
- ...add yours
Usage
The package creates custom user model, that could be used as is or as inherited. General priniciples for custom user models in Django are respected (how it works).
Base settings (required):
AUTH_USER_MODEL = 'multauth.User'
AUTHENTICATION_BACKENDS = (
'multauth.backends.UserBackend',
# ...other custom backends
)
MULTAUTH_DEBUG = True # False by default
MULTAUTH_TOKEN_LENGTH = 6 # size in digits
MULTAUTH_TOKEN_EXPIRY = 3600 * 24 * 3 # time in seconds
Extra settings (optional):
(see built-in devices, providers and templates)
MULTAUTH_DEVICES = [
EmailDevice,
PhoneDevice,
] # by default
MULTAUTH_DEVICE_EMAIL_PROVIDER = 'mail' # by default
MULTAUTH_DEVICE_PHONE_PROVIDER = 'twilio' # by default
MULTAUTH_DEVICE_EMAIL_TEMPLATE_NAME = 'custom'
MULTAUTH_DEVICE_EMAIL_VERIFICATION_VIEWNAME = 'custom'
MULTAUTH_DEVICE_PHONE_TEMPLATE_NAME = 'custom'
Provider specific settings (could be required):
MULTAUTH_PROVIDER_TWILIO_ACCOUNT_SID = 'SID'
MULTAUTH_PROVIDER_TWILIO_AUTH_TOKEN = 'TOKEN'
MULTAUTH_PROVIDER_TWILIO_CALLER_ID = 'CALLER_ID'
Flows
This authentication flow is pretty the same as provided by Django by default. Extra feature is that it's handaled by rest api too, not function calls only.
- User provides
email
as identifier (email address), [url] - User confirms the identifier (
email
) [url, func] - Able to signin using the credentials:
email
/password
- ...add more
Phone
- User provides
phone
as identifier (phone number), [url] - User confirms the identifier (
phone
) [url, func] - Able to signin using the credentials:
phone
/secret
*** [url] - ...add more
*** passcode
(set by user explicitly) or token
(set by app automatically) supposed to be used as secret
More
Let us know what other authentication flows would be nice to add.
For example, you decide to add microchip implants
based authentication. There are several simple steps to take:
- to add Device (as example)[link?]
- to add at least one Provider associated with the Device (as example)[link?]
- to extend User model fields and methods (as example)[link?], [as example, _EmailAbstractUser]
- to extend api with new endpoints [see]
- tweak settings to activate the flow:
MULTAUTH_DEVICES = [
PhoneDevice,
ChipDevice, # long-awaited microchip implants ;)
]
AUTH_USER_MODEL = 'app.ChipPhoneUser'
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-multifactor-authentication-0.0.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6b2b05b53072162948ef6858d34ddef8b669a58c8def3d8a0aaecfce1cb1c7f9 |
|
MD5 | 68b46edf7544a0a0d91789d3b0356f8d |
|
BLAKE2b-256 | ed76a81e5ef97ea03e5249150c2beb310bb60f74a58db6b1deb9e4ef1543acbc |
Hashes for django_multifactor_authentication-0.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 19f6e37a6435038bb9dce94becaab6e311a42265abae4e7144fb09f5abc5d648 |
|
MD5 | 58a107616f074ec6f3a628b3b52747e4 |
|
BLAKE2b-256 | 929ee0b3c0433d4234a84f5e9cc9381a9ee646de8c66a18d209944c4b867ae81 |