Django-allauth: enforce policies for certain users

I'm looking to implement django-allauth for an existing project, mainly to add OTP and SSO.

I have an SPA so I would need the allauth API as documented here.

However, since this requires quite a lot of refactoring I'm a bit hesitant to just throw this app in there, and I can't really tell if it's possible to do what I want from just the documentation.

Depending on the Organization a user belongs to (or is invited to), there might be different requirements.

I need to be able to enforce OTP or SSO (from a specific provider), but only for certain users. This applies to both existing and new users.

Example flows:

  • New user is invited to an organization with OTP enforcement
    • User signs up
    • User accepts invite
    • User is forced to set up OTP because of organization policy
  • New user is invited to an organization with SSO enforcement
    • Because of SSO, user can only sign up with specific SSO
  • An organization adds the enforcement of OTP for their users
    • Any existing organization user that logs in will have to set up OTP before continuing
  • Existing user is invited to organization with policy
    • User logs in
    • User accepts invite
    • User is forced to add OTP/SSO to conform to policy

With the last one it could be tricky with conflicting policies, but that is something we can handle later.

Can django-allauth handle such cases? Or am I better off implementing something more custom?

Any pointers to code, pseudocode examples and flows that help me understand how this would work in my scenario would be much appreciated!
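As an added illustration (not part of the question and not django-allauth code), the flows above can be reduced to one policy evaluator that decides, for any user at any time, which actions are still outstanding. Everything below is framework-agnostic and constructed for the example: the `Organization`/`User` dataclasses stand in for your own models, the `"sso:any"` sentinel and the `SETUP_PATHS` URLs are hypothetical, and in a real allauth project `required_actions` would be called from a custom middleware or adapter hook, with `otp_enabled` and `connected_sso` read from allauth's MFA and social-account records.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    """Authentication policy an organization can impose on its members."""
    NONE = "none"   # no extra requirement
    OTP = "otp"     # members must have an OTP authenticator enabled
    SSO = "sso"     # members must sign in through one specific SSO provider


@dataclass(frozen=True)
class Organization:
    name: str
    policy: Policy = Policy.NONE
    sso_provider: str | None = None  # only meaningful when policy is SSO

    def __post_init__(self) -> None:
        if self.policy is Policy.SSO and not self.sso_provider:
            raise ValueError(f"{self.name}: SSO policy needs an sso_provider")


@dataclass
class User:
    email: str
    otp_enabled: bool = False
    # SSO providers the user has already connected (constructed stand-in for
    # allauth's SocialAccount rows)
    connected_sso: set[str] = field(default_factory=set)
    memberships: list[Organization] = field(default_factory=list)
    pending_invites: list[Organization] = field(default_factory=list)


# Hypothetical paths a user may still reach while an action is outstanding,
# so they can actually complete it (allauth's real URL names differ).
SETUP_PATHS = {"/account/2fa/setup/", "/account/sso/connect/", "/account/logout/"}


def allowed_signup_methods(invited_org: Organization) -> set[str]:
    """Sign-up methods a *new* user invited to this organization may use.

    An SSO-enforcing organization only allows its own provider; otherwise
    password sign-up and any SSO provider ("sso:any", a constructed sentinel)
    are acceptable.
    """
    if invited_org.policy is Policy.SSO:
        return {f"sso:{invited_org.sso_provider}"}
    return {"password", "sso:any"}


def required_actions(user: User) -> list[str]:
    """Actions the user must complete before continuing, across all memberships.

    Conflicts are resolved by union: two organizations requiring different SSO
    providers simply mean the user must connect both. Actions are deduplicated
    and sorted so callers can compare them deterministically.
    """
    actions: set[str] = set()
    for org in user.memberships:
        if org.policy is Policy.OTP and not user.otp_enabled:
            actions.add("setup_otp")
        elif org.policy is Policy.SSO and org.sso_provider not in user.connected_sso:
            actions.add(f"connect_sso:{org.sso_provider}")
    return sorted(actions)


def accept_invite(user: User, org: Organization) -> list[str]:
    """Move an invite into memberships and report what the user must now do."""
    if org not in user.pending_invites:
        raise ValueError(f"{user.email} has no pending invite to {org.name}")
    user.pending_invites.remove(org)
    user.memberships.append(org)
    return required_actions(user)


def is_request_allowed(user: User, path: str) -> bool:
    """Middleware-style gate: block everything except the setup pages while
    any policy action is outstanding."""
    return not required_actions(user) or path in SETUP_PATHS


if __name__ == "__main__":
    # Constructed sample: one OTP-enforcing and one SSO-enforcing organization.
    acme = Organization("acme", Policy.OTP)
    globex = Organization("globex", Policy.SSO, sso_provider="okta")
    alice = User("alice@example.com", pending_invites=[acme, globex])
    print(accept_invite(alice, acme))        # ['setup_otp']
    alice.otp_enabled = True
    print(accept_invite(alice, globex))      # ['connect_sso:okta']
    print(is_request_allowed(alice, "/dashboard/"))  # False until okta is connected
```

The point of keeping the evaluator pure is that the same function answers all four flows: it runs after sign-up, after login, after an invite is accepted, and whenever an organization tightens its policy, and the middleware only has to redirect to the first outstanding action.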
