[Exploratory] Dynamic login methods configuration

[heysamtexas]

Description

EXPLORATORY TICKET - Research making django-allauth login methods configurable through admin interface.

⚠️ Complexity Warning: Login methods affect core authentication flow. Changes could break existing user sessions or authentication patterns.

Current State

Login methods hardcoded in settings.py:

• ACCOUNT_LOGIN_METHODS = {"email"}
• ACCOUNT_LOGIN_BY_CODE_ENABLED = False

Research Goals

• Test if ACCOUNT_LOGIN_METHODS can be dynamically overridden
• Investigate session/authentication compatibility issues
• Research magic link login dynamic configuration
• Document migration path for existing users

Potential Implementation

Add fields to SiteConfiguration:

• allowed_login_methods - JSON field for login methods
• magic_link_enabled - Boolean for code-based login

Critical Questions

1. Do login method changes affect existing sessions?
2. Can we safely switch between username/email login?
3. What happens to users mid-authentication flow?
4. Are there security implications of dynamic auth methods?

Risk Assessment

• High Risk: Changes to core authentication behavior
• Session Impact: May affect logged-in users
• Migration Complexity: Existing user accounts may need updates

Labels: research, django-allauth, high-risk, complexity-warning
Priority: Low (Research only - proceed with caution)