drf support #13
Comments
|
taking a shot at it, not ready at all, just the init setup |
|
Apologies for ignoring this. I'm keen to keep the project agnostic in terms of structural things like DRF. It raises a lot of challenges:
I don't know what the answer is. Open to suggestions. |
|
I've been thinking about this on and off for the last few years and it feels like it's not really something this project should tackle as you'd need to enforce DRF devs to work in a specific way. The closest I thought about getting this working is to have two custom authentication endpoint: Endpoint one - Authenticates the user, generates a short lived token (30 seconds) which is returned in the response. Note this can not be the normal DRF token as you don't want it to be valid so it would need a custom model. Endpoint two - Expects the token to be send along with the MFA code, looks up the user from the new model, validates the MFA code, then generates the real DRF token which is returned to the user to use in other requests It's would need to be extensible as people create custom auth tokens all the time, I for examples have expiring tokens for some DRF projects with different expiry rate. Just thought I'd put my thoughts down as a comment since I come back to this thread every few months and keep thinking about posting this |
How about DRF/Django Rest Framework support?
I've been looking through the code, would it be a stretch to add a layer for DRF? For TOPT simply provide endpoint for the data/form and serve the image wouldn't be that much of a stretch, I'm not (yet) familiar enough with to inner workings fido/u2f to comment on that part.
The text was updated successfully, but these errors were encountered: