django-allauth
django-allauth copied to clipboard
pennersr
6 digit verification for email address verification
feature-request
6 digit code verification has recently become a common practice: instead of having the user click on a verification link, you email him a 6 digits code that he has to write down in the final step of the sign-up form. This is quite useful when the user is using a computer where he cannot easily read his email (so he could read the 6 digits code on his phone), or vice versa.
Ideally, it would be great to enable both methods: in order to verify the user email address you send him the verification link and the 6 digits code, so that the user can choose which method is easier for him.
I'm also looking to try and do the same thing. If anyone comes up with a clean production-ready solution, please share!
I think this is critical to avoid users losing track of the confirmation email and if it's going to SPAM, catching it early on.
Linking the following issue since it relates:
https://github.com/pennersr/django-allauth/issues/2814
yes, but allauth + dj-rest-auth + otp requires a lot of tweaking as we use it together with drf-yasg
basically allauth is not really drf friendly and dj-rest-auth breaks all drf-yasg shemas
time for a big refactor?
This issue is a good feature request.
@pennersr how do you feel about moderating off topic comments? Pretty uncommon in your project but this issue is full of it.
If django-allauth integrates with that out of the box this can probably be closed and mentioned in the docs as the recommended solution for such a thing.
@derek-adair I would argue that a lot more people use dj-rest-auth than django-df-auth, so it would be great to have a solution that works with dj-rest-auth as well.
Not sure what you are arguing. I'm dispassionate about which of these allauth would support. My comment was simply that we should look at what, if anything, can be done to make these projects play nice together. For example, if someone could post up an example / tutorial / whatever of what kind of problems people have working with these projects togther that would be a great start!
Also @ayushin how is it that django allauth does not play nice w/ DRF? I have active projects that use allauth and django together and have no issues.
Hello, Can anyone who has successfully integrated django OTP and allauth share some code samples? I want to send OTP on user login, redirect them to OTP confirmation page, verify the OTP and then send them to their dashboard.
This system works with allauth right now, except for the login OTP part. @ayushin @webpn @derek-adair
P.S. I am using Django template, not DRF.
@josylad Just to be sure I fully understand, what you are referring to -- sending a OTP on login -- is something different from using a OTP for email verification, right? So, I think there are 2 distinct feature requests here:
- Being able to confirm email addresses with a simple code (instead of following a link as is now).
- Using your email as a 2nd factor, so that on each login you are sent a OTP that you will have to confirm.
@josylad Just to be sure I fully understand, what you are referring to -- sending a OTP on login -- is something different from using a OTP for email verification, right? So, I think there are 2 distinct feature requests here:
- Being able to confirm email addresses with a simple code (instead of following a link as is now).
- Using your email as a 2nd factor, so that on each login you are sent a OTP that you will have to confirm.
Yes, you are correct. @pennersr
@josylad See #3550 -- feel free to provide your use case specifics there.
Done, thanks.
I've been following the discussion on implementing a one-time code for email verification in django-allauth, and I'd like to offer a summary and some thoughts for further consideration.
In modern web applications, it's becoming increasingly common to verify a user's email address through a one-time code, as opposed to the traditional confirmation link. This approach ensures real-time verification of the email address before the completion of the registration process. It's particularly useful in scenarios where immediate verification is crucial and adds an additional layer of security.
A key point for discussion is whether entering this verification code should be mandatory or configurable via Django settings. This raises questions about how it would interact with the existing functionality of django-allauth.
A key point for discussion is whether entering this verification code should be mandatory or configurable
Definitely configurable, as allauth is used in all sorts of context, and mandatory email verification by code is not applicable everywhere.