Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration with django-two-factor-auth and/or django-otp #8

Closed
moreati opened this issue Jul 11, 2015 · 5 comments
Closed

Integration with django-two-factor-auth and/or django-otp #8

moreati opened this issue Jul 11, 2015 · 5 comments

Comments

@moreati
Copy link
Contributor

moreati commented Jul 11, 2015

Gavin, I've made a hacky proof of concept for U2F with django-two-factor-auth moreati/django-two-factor-auth@a44ac23. It doesn't use django-u2f, but it's based heavily on it.

I think the proper route to integration is a django-otp plugin that implements U2F. For the next step the options I see are:

  1. Create django-otp-u2f a fork of django-u2f, that is seperate to django-u2f
  2. Turn django-u2f into a django-otp plugin. This would:
    • Replace django-u2f's model with a django-otp Device subclass (with migration scripts for the django_u2f.models, if possible/desirable)
    • Replace django-u2f's LOGIN_URL integration with that from django-otp (or possibly django-two-factor-auth)
    • Migrate/replace django-u2f's forms to integrate with django-otp and django-two-factor-auth
  3. Keep existing django-Add extra models/forms/views to django-u2f that in

Do you have a preference? Based on simplicity/maintenance mine is the 2nd, but I don't have an existing install base or users.

Are you aware of anybody using django-u2f in anger?

Any other thoughts? Queries?
@moreati
Copy link
Contributor Author

moreati commented Jul 11, 2015

See also jazzband/django-two-factor-auth#86

@gavinwahl
Copy link
Owner

I'm conflicted about this. I like the idea of django-u2f being a standalone application, but I don't think it's feasible to support just u2f. I think my ideal solution would only support open standards: u2f, TOTP, and backup codes. It's probably possible to configure django-two-factor-auth or django-otp like this, but I'm not sure their complexity is worth it.

Nobody is is using django-u2f in production as far as I know, so changing stuff shouldn't be a problem, I'm just not sure what direction to go in.

@moreati
Copy link
Contributor Author

moreati commented Jul 14, 2015

I think my ideal solution would only support open standards: u2f, TOTP, and backup codes.

That's exactly how django-two-factor works, currently sans U2F. Try the demo http://example-two-factor-auth.herokuapp.com/

I'm tidying up a commit to django-two-factor-u2f right now.

moreati added a commit to moreati/django-u2f that referenced this issue Aug 19, 2015
@moreati
Add setup() metadata for PyPI (except version) refs gavinwahl#8
7d92c38 
I've left version out for now, as a safety catch against doing the
first release before we've decided on/fixed issue gavinwahl#8
@moreati moreati mentioned this issue Aug 19, 2015
Merged
moreati added a commit to moreati/django-u2f that referenced this issue Aug 20, 2015
@moreati
Add setup() metadata for PyPI (except version) refs gavinwahl#8
6b167ef 
I've left version out for now, as a safety catch against doing the
first release before we've decided on/fixed issue gavinwahl#8
@sserrano44
Copy link

@moreati what is the status of this issue? need some help?

@gavinwahl
Copy link
Owner

Moving to #14

gavinwahl added a commit that referenced this issue Dec 8, 2015
@gavinwahl
Merge pull request #12 from moreati/packagify
bf3294d 
Add setup() metadata for PyPI (except version) refs #8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sserrano44 @moreati @gavinwahl