Multiple authentication sources

[TitaniumHocker]

Is there plans for adding support or documentation(if it is already able to implement by hand) for multiple authentication sources?
For example making authentication via LDAP bind and if it succeeds - create user in DB based on information from directory, otherwise - try to authentication by DB.

May be integrate or re-implement something like Flask-Multipass...

[jwag956]

Sorry I didn't answer sooner - l have been thinking about this - however there are quite a few different use cases to consider. I did look at Flask-Multipass - a really nice, small, elegant extension.

To start, there are 2 somewhat separate pieces - first (and easiest) would be to require registration as today, and then offer an alternative way to authenticate (sort of like unified signin does with SMS, or the new WebAuthn support). This could use the authlib library for social auth or some other library for things like LDAP. Note that this would be for authn only - and once authenticated, just as today, a session would be set up and that would be used for authz for all further API calls. Allowing things like authz (permissions, scopes, etc) from an third-party would likely be way too complex.

The second part is integrating with registration process - I haven't thought too much about that - more complex I think - but possibly a couple hooks inside the register view might get us pretty close.

So - I can see this as a nice addition - not much design thought yet.