Hi,

In light of what happened to the ctx package, this is a good time to get a 
conclusion on the following topic.

I opened a PR <https://github.com/django/django/pull/15670> based on an 
accepted ticket <https://code.djangoproject.com/ticket/25612> and a 
discussion <https://groups.google.com/g/django-developers/c/T-kBSvry6z0/>. 
The PR implements 2FA but excludes WebAuthn, leaving it out as an 
alternative to Django password-based auth. But an idea on GitHub was 
forwarded that the PR won’t be accepted without at least supporting 
WebAuthn.

While 2FA is one use case of WebAuthn, the primary use case, in my opinion, 
is providing an alternative to or a replacement for password-based 
authentication. Regardless of its use case, the implementation of WebAuthn 
does not have a lot in common with the opened PR. 

Instead of taking the all-or-nothing approach, doesn’t it make more sense 
to work on the opened PR--making Django more secure--and support WebAuthn 
when someone in the future opens a PR for either or both of the use cases?

Thanks!
