Description
Rework the model to make a distinction between account (representing a person using the website or app) and identify (login information such as email/password, facebook token, google login token, client-generated opaque token for a login-less phone app).
Rename BaseUser to BaseAccount. Projects can override it to add required fields, handle multi-tenancy with an Organization or Team concept, etc. An account is linked to 0 or more identities.
Move email/password fields to EmailIdentity model and table. Add another identity model for facebook fields (#14). Each identity provider has its authentication backend to check credentials and return a token. Account admin can have an inline class for each identity model.
Subclasses of BaseAccount work as custom user model. It is really useful to integrate with everything that needs request.user.
Active sessions (#9) can have foreign key to account and generic foreign key to identity models.
In another ticket: add BaseAdminAccount, a proxy subclass with base admin (filter querysets on is_staff=True, hide is_staff in admin forms, etc). Now admin separates clearly the user accounts (can log into the site with various identities, have custom data, etc.) and the administrators (all privileges, must log with email, no app-custom data, careful zone). And it is still possible to provide automatic app access if you have an admin account with a custom identity class!