Feature request: disable user passwords (while allowing logging in with a magic link and social accounts)

[Flimm]

I would like to disable completely user passwords, without requiring that users use a social account. If users do not want to use a social account, they can use a "magic" link sent to their email inbox (or maybe with a passkey in the future).

If I enable SOCIALACCOUNT_ONLY = True, then the ability to log in with a link sent to an email address is disabled completely. But if I disable SOCIALACCOUNT_ONLY, then the user is prompted to choose a password on sign-up, and the email+password login form is shown to the user when logging in.

I'm building a website where users cannot be trusted to choose secure passwords for themselves, or to handle a password manager. But I don't want to lock users into a Google or Facebook account that they may lose access to. If they lose access to their Google or Facebook account, I would like them to be able to log in using just their email account.

I know this would be substantial effort to get this implemented. I'm not sure I am able to contribute a pull request implementing this yet, but I wanted to record the feature request, to get the discussion started at least.