{"id":20529376,"url":"https://github.com/andrenerd/django-multifactor-authentication","last_synced_at":"2025-10-26T05:43:48.543Z","repository":{"id":53186113,"uuid":"267042655","full_name":"andrenerd/django-multifactor-authentication","owner":"andrenerd","description":"Django Multifactor Authentication","archived":false,"fork":false,"pushed_at":"2021-09-13T21:58:06.000Z","size":255,"stargazers_count":8,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-14T05:07:57.131Z","etag":null,"topics":["2fa","authentication","mfa","multifactor-authentication","passcode","password","pin","security","token","two-factor-auth","ufa"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andrenerd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-26T12:55:32.000Z","updated_at":"2024-01-19T10:27:22.000Z","dependencies_parsed_at":"2022-08-22T20:40:12.273Z","dependency_job_id":null,"html_url":"https://github.com/andrenerd/django-multifactor-authentication","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrenerd%2Fdjango-multifactor-authentication","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrenerd%2Fdjango-multifactor-authentication/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrenerd%2Fdjango-multifactor-authentication/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrenerd%2Fdjango-multifactor-authentication/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andrenerd","download_url":"https://codeload.github.com/andrenerd/django-multifactor-authentication/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248824682,"owners_count":21167345,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","authentication","mfa","multifactor-authentication","passcode","password","pin","security","token","two-factor-auth","ufa"],"created_at":"2024-11-15T23:31:26.577Z","updated_at":"2025-10-26T05:43:43.514Z","avatar_url":"https://github.com/andrenerd.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Django Multifactor Authentication\n\n\n[![pypi version](https://img.shields.io/pypi/v/django-multifactor-authentication.svg)](https://pypi.org/project/django-multifactor-authentication/)\n\n\nFlexible authentication for web, mobile, desktop and hybrid apps. Can be used for 1fa, 2fa and mfa scenarios. Easily configurable and extendable with new authentication methods, called `services`. All authenticaton scenarios, called `flows`, are based on `identifiers` and `secrets`, which can be used or not used in multiple combinations:\n- username, email, phone, ...\n- password, passcode (aka one-time pass or token), hardcode (aka device or card id), ...\n\nFull list of supported services (devices):\n- Email\n- Phone (as Sms)\n- WhatsApp\n- Google Authenticator\n- Microsoft Authenticator\n- Authy, andOTP, etc\n- Yubikey (soon)\n- ...add yours\n\nand service providers:  \n- Twilio\n- Vonage (Nexmo)\n- Amazon SNS\n- ...add yours\n\n\n\n### Usage\n\nThe package creates custom user model, that could be used as is or as inherited. General priniciples for custom user models in Django are respected ([how it works](https://docs.djangoproject.com/en/2.2/topics/auth/customizing/#substituting-a-custom-user-model)).\n\n\nBase settings (required):\n```\nAUTH_USER_MODEL = 'multauth.User'\nAUTHENTICATION_BACKENDS = (\n    'multauth.backends.ModelBackend',\n    # ...etc\n)\n\nMULTAUTH_FLOWS = (\n    # pattern: ('identifier', 'secret1', 'secret2', ...)\n    ('phone', 'hardcode', 'passcode'),\n    ('email', 'password', 'passcode'),\n    ('username', 'password'),\n    # ...etc\n)\n```\n\n\nExtra settings (optional):  \n(see built-in [services](./multauth/services), [providers](./multauth/providers) and [templates](./multauth/templates))  \n```\nMULTAUTH_SERVICES = [\n  'multauth.services.UsernameService',\n  'multauth.services.EmailService',\n  'multauth.services.PhoneService',\n] # by default\n\nMULTAUTH_DEBUG = True # False by default\nMULTAUTH_PASSCODE_LENGTH = 6 # size in digits\nMULTAUTH_PASSCODE_EXPIRY = 3600 # time in seconds\n\nMULTAUTH_SERVICE_EMAIL_PROVIDER = 'multauth.providers.MailProvider' # by default\nMULTAUTH_SERVICE_PHONE_PROVIDER = 'multauth.providers.TwilioProvider' # by default\n\nMULTAUTH_SERVICE_EMAIL_TEMPLATE_NAME = 'custom'\nMULTAUTH_SERVICE_EMAIL_VERIFICATION_VIEWNAME = 'custom'\nMULTAUTH_SERVICE_PHONE_TEMPLATE_NAME = 'custom'\n```\n\n\nProvider specific settings (could be required):  \n```\nMULTAUTH_PROVIDER_TWILIO_ACCOUNT_SID = 'SID'\nMULTAUTH_PROVIDER_TWILIO_AUTH_TOKEN = 'TOKEN'\nMULTAUTH_PROVIDER_TWILIO_CALLER_ID = 'CALLER_ID' # '+15005550006'\n\nMULTAUTH_PROVIDER_VONAGE_API_KEY = 'KEY'\nMULTAUTH_PROVIDER_VONAGE_API_SECRET = 'SECRET'\nMULTAUTH_PROVIDER_VONAGE_BRAND_NAME = 'BRAND_NAME' # 'Vonage APIs'\n```\n\n\n### Usage more\n\nCustom use cases and how to config or code them.\n\n\n#### APIs\n\nPackage contains full set of [rest api endpoints](./multauth/api/urls.py), but it's optional. To activate it, `djangorestframework\u003e=3.10.3` should be installed and the urls be included:\n```\nurlpatterns = [\n    path(r'^', include('multauth.api.urls')),\n]\n```\n\n\n#### User activation\n\nUsers are set as \"active\" on creation.\nThis behavior is not managed by settings for now (check for further updates).\n\n\n#### Services verification\n\nBy default all services are set as \"confirmed\" on creation.\nTo change this behavior extra settings should be added, for example:  \n```\nMULTAUTH_SERVICE_EMAIL_CONFIRMED = False\nMULTAUTH_SERVICE_PHONE_CONFIRMED = False\n...\n```\n\nNon-comfirmed services will automatically be called for verification (token/key to be sent) on creation or idenfier updates. To invoke verification manually, call api endpoints:\n- `multauth:signup-verification`\n\nor model methods:\n- `user.verify` for all non-confirmed services\n- `user.verify_email` for email\n- `user.verify_phone` for phone\n- ...\n\nAnd to complete verification process call api endpoints:\n- `multauth:signup-verification-phone` to post the token (ie passcode)\n- `multauth:signup-verification-email` to post the token (ie passcode)\n- `multauth:signup-verification-email-key` as a classic in-email link to pass the key\n- ...\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrenerd%2Fdjango-multifactor-authentication","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandrenerd%2Fdjango-multifactor-authentication","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrenerd%2Fdjango-multifactor-authentication/lists"}