Add support for installing multiple authentication managers
|Reported by:||Nicklas Nordborg||Owned by:||everyone|
It would be very nice if BASE could support multiple authentication managers for logging in. The use case is that some some user may, for example, have a !Yubikey already and want to use that while some user could just as well use OTP instead.
In one sense BASE already supports having more than one authentication manager installed. It will try them one at a time in some order. The "problem" is that the actual implementations are a bit picky and may not allow other types of authentication. For example, the Yubikey extension may block an OTP login before the OTP extension gets a chance to check if the login is correct or not.
Another problem is that the login form is also static and the first one (in some order) is selected by BASE. While some combinations may work between different extensions other combinations are impossible. For example, the OTP login form can be used with Yubikey if the login field is used for the Yubikey-generated value, but in the Yubikey login form there is no place to enter the 6 OTP digits. It would be nice to have a menu of installed login forms where the user can select which type of login to use.
Getting the BASE core and web client ready for this should not require that much work, but the actual implementations must also be updated to make them work together with other login managers.