Add a way for application to granularly decide which authentication mechanisms should be allowed #260

Open
jwag956 opened this issue Jan 23, 2020 · 0 comments

Collaborator

jwag956 commented Jan 23, 2020

With 2FA and unified sign in - there are now quite a few different ways users can authenticate. While these features are useful, they are 'global'. Applications might want to be able to provide finer granularity such as 'admins must use 2FA' or 'editors can use email callback to sign in'.

Ideally there would be some consistent callback or signal or ?? that gave detailed information about the identity and how they were authenticating and allow the app writer to 'allow' or 'disallow'.
This would also help with basic auditing.

One simple idea is, as we have done for other things recently (e.g. verify_and_update_password) - simply add a login_user method to the UserMixin which by default would just call the current utils/login_user() method - but could be overridden...
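A sketch of the overridable hook proposed above, added here as an illustration and not taken from the issue or from the project's code. Every name in it (this `UserMixin`, `AppUser`, `ROLE_POLICY`, `AuthnDenied`, `AUDIT_LOG`, the `authn_via` argument and the mechanism labels) is hypothetical and models the idea without using the library's real API.

```python
from dataclasses import dataclass, field

# Hypothetical model of the proposed hook; nothing here is the library's real API.
AUDIT_LOG = []  # (email, mechanisms, decision) tuples; stands in for a real audit sink


class AuthnDenied(Exception):
    """Raised when the mechanisms used do not satisfy the user's policy."""


def login_user(user, authn_via):
    """Stand-in for the existing global login function: no per-user policy."""
    user.authenticated = True
    return True


@dataclass
class UserMixin:
    email: str
    roles: set = field(default_factory=set)
    authenticated: bool = False

    def login_user(self, authn_via):
        # Default behaviour: defer to the global function, as the issue suggests.
        return login_user(self, authn_via)


# Constructed policy: for each role, the acceptable mechanism combinations.
ROLE_POLICY = {
    "admin": [{"password", "totp"}, {"password", "sms"}],  # admins must use 2FA
    "editor": [{"email"}, {"password"}],  # editors may use an email link
}


class AppUser(UserMixin):
    def login_user(self, authn_via):
        used = set(authn_via)
        # Every recognised role must accept the mechanisms, so the strictest
        # role wins; a user with no recognised role is denied (fail closed).
        known = [ROLE_POLICY[r] for r in self.roles if r in ROLE_POLICY]
        ok = bool(known) and all(
            any(combo <= used for combo in combos) for combos in known
        )
        AUDIT_LOG.append((self.email, sorted(used), "allow" if ok else "deny"))
        if not ok:
            raise AuthnDenied(f"{self.email}: {sorted(used)} not permitted")
        return super().login_user(authn_via)
```

The decision and the audit record are made in one place, before the session is established, so a denied attempt still leaves a trace.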
