
single sign on - django-allauth: enforce policies for certain users - Stack Overflow


I'm looking to implement django-allauth for an existing project, mainly to add OTP and SSO.

I have an SPA so I would need the allauth API as documented here.

However, since this requires quite a lot of refactoring I'm a bit hesitant to just throw this app in there, and I can't really tell if it's possible to do what I want from just the documentation.

Depending on the Organization a user belongs to (or is invited to), there might be different requirements.

I need to be able to enforce OTP or SSO (from a specific provider), but only for certain users. This applies to both existing and new users.

Example flows:

  • New user is invited to an organization with OTP enforcement
    • User signs up
    • User accepts invite
    • User is forced to set up OTP because of organization policy
  • New user is invited to an organization with SSO enforcement
    • Because of SSO, user can only sign up with specific SSO
  • An organization adds the enforcement of OTP for their users
    • Any existing organization user that logs in will have to set up OTP before continuing
  • Existing user is invited to organization with policy
    • User logs in
    • User accepts invite
    • User is forced to add OTP/SSO to conform to policy

With the last one it could be tricky with conflicting policies but that is something we can handle later.

Can django-allauth handle such cases? Or am I better off implementing something more custom?

Any pointers to code, pseudocode examples and flows that help me understand how this would work in my scenario would be much appreciated!
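The flows in the question can be reduced to one server-side decision: given the policies of every organization the user belongs to (or is accepting an invite for) and the state of the current login, which steps are still outstanding. The sketch below is an added example, not part of the original post and not django-allauth code; `OrgPolicy`, `Session`, `required_steps`, the step strings and the provider ids are all hypothetical names chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model: none of these names come from django-allauth.
@dataclass(frozen=True)
class OrgPolicy:
    org: str
    require_otp: bool = False
    require_sso: Optional[str] = None    # provider id the organization mandates

@dataclass(frozen=True)
class Session:
    otp_enrolled: bool           # user has an OTP authenticator configured
    otp_verified: bool           # OTP was checked during this login
    sso_provider: Optional[str]  # provider used for this login, None = password

def required_steps(policies, session):
    """Return the ordered steps still needed before access is granted.

    An empty list means the session satisfies every organization policy.
    """
    providers = {p.require_sso for p in policies if p.require_sso}
    if len(providers) > 1:
        # Two different SSO mandates cannot be met by one login: fail closed.
        return ["conflict:" + ",".join(sorted(providers))]
    steps = []
    if providers:
        (provider,) = providers
        if session.sso_provider != provider:
            steps.append("login_with_sso:" + provider)
    if any(p.require_otp for p in policies):
        if not session.otp_enrolled:
            steps.append("setup_otp")
        elif not session.otp_verified:
            steps.append("verify_otp")
    return steps

# Constructed sample data.
ACME = OrgPolicy("acme", require_otp=True)
GLOBEX = OrgPolicy("globex", require_sso="okta")
INITECH = OrgPolicy("initech", require_sso="azure")
PASSWORD_LOGIN = Session(otp_enrolled=False, otp_verified=False, sso_provider=None)

if __name__ == "__main__":
    print(required_steps([ACME], PASSWORD_LOGIN))
    print(required_steps([ACME, GLOBEX], PASSWORD_LOGIN))
    print(required_steps([GLOBEX, INITECH], PASSWORD_LOGIN))
```

Because the client is an SPA, the result has to be evaluated on the server for every authenticated request and again when an invite is accepted, so that a policy added later applies to sessions that already exist.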
