There's also <http://pythonhosted.org/django-otp/>, which is fairly easy to integrate into a Django project.
As a long-term user of (but rare contributor to) Django I'd say the ease of using one of a number of third-party solutions points to keeping it out of core. Relatedly, integrating custom auth (i.e. not just username/password) would be easier if the Django admin site deferred to LOGIN_URL by default instead of presenting its own login form. An example issue is when one uses some sort of web server SSO module with RemoteUserMiddleware, and then the admin site presents asks for a username and password for already-authenticated non-staff (who have no local credentials). Yours, Alex On 16/01/17 16:28, Gavin Wahl wrote: > I have a project that implements TOTP and U2F as a third-party > package: https://github.com/gavinwahl/django-u2f > > On Sunday, January 15, 2017 at 3:47:56 AM UTC-7, ludovic coues wrote: > > Hello, > > After reading the recent thread on authentification in django, I > wondered about the chance of getting a 2-step auth mechanism in > django.contrib. > > Time based one time password, or TOTP, is now part of the RFC 6238. > For those who don't know it, it use a shared secret and current time > to produce 6 digit number. That number change every 30 seconds and is > used to confirm login after entering a correct username and password. > > As far as I can tell, there is no such thing present in django > currently. But I don't know if it's because nobody have done the work > or if there are reason to not include 2-step solution in django. > > -- > > Cordialement, Coues Ludovic > +336 148 743 42 > > -- > You received this message because you are subscribed to the Google > Groups "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > To post to this group, send email to [email protected] > <mailto:[email protected]>. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/7a3b3837-5c24-4984-abb8-d68d9ce31459%40googlegroups.com > <https://groups.google.com/d/msgid/django-developers/7a3b3837-5c24-4984-abb8-d68d9ce31459%40googlegroups.com?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/fb94cbfa-5987-4aa7-e74a-6fa53ce05cce%40alexdutton.co.uk. For more options, visit https://groups.google.com/d/optout.
