I just published the first version of a new package, django-unique-user-email.
By making the email field of Django’s default User model unique, unique-user-email enables you to login-by-email without having to use a custom user model.
I’ve long felt that login-by-email was the one the majority of users wanted, and that custom user models are something of a sledgehammer if you just want to crack that little nut.
Unique-user-email, then, shows you how to do it without the custom user model.
I need to potter on a discussion on more of the Why here, but in essence I think Django should not be pushing users into customising the core authentication and identity model.
Django's leaky battery is its recommendation that you create a custom user model. Auth is so central and so standard that, into the high-nines (99.99%?), the vast majority of projects should never need to customise the central auth model. This is a battery that Django should very much provide.
I know this goes against the accepted grain, but I think we gave up too early on being able to make changes here, and as a result, we’ve internalised a suboptimal situation as being a feature. (I joked on Mastodon about this being Stockholm Syndrome — but is there another word for it? 🤔)
Making profile data part of your app: absolutely — but the core authentication and identity model? Almost never.
I think we make Django way more complicated for beginners than we need to do because of this problem.
Anyhow, that discussion is something I’ve got to work on. For now, unique-user-email is a tool you can use, and a proof-of-concept for how we could make login-by-email available for the legions who are using auth.User in Django already.
Please let me know what you think. Enjoy 🚀