DEV Community

Mohamed M El-Kalioby
Mohamed M El-Kalioby

Posted on

 

Passkeys on Django

Passkeys is the state of the art technology standardized by FIDO Alliance to allow users to use generated Web Authication API credentials on a device to be used on another device.

For Demo, please refer to this webinar

The technology is now supported on Apple Ecosystem by the iOS 16 and iPadOS 16.1 and Mac OS X Ventura. Safari on these platforms can get credentials from Android or iOS based device. Android is currently in beta for passkey generation and Chromium based browsers (on PC and Laptop) allows picking up credentials from Android and iPhone/iPadOS.

Web Authencation API (and passkeys) is the only technology which is phishing resistant even during live Man-In-The-Middle attack, that is due to verification of the domain request to authenticate user on the authenticator to make sure it is the one registered credential before.

django-passkeys is a Django app that extends Django ModelBackend to provide a passkey authentication.

The application is a slim-down version of django-mfa2 which has been 🌟 more 150 times and downloaded round 135k. As this application did only one thing, it is much easier to integrate within your current application.

The steps needed to install and use the is in the README on GitHub repo.

GitHub logo mkalioby / django-passkeys

Django Authentication Backend Using Passkeys

django-passkeys

An extension to Django ModelBackend backend to support passkeys.

Passkeys is an extension to Web Authentication API that will allow the user to login to a service using another device.

This app is a slim-down version of django-mfa2

Passkeys are now supported on

  • Apple Ecosystem (iPhone 16.0+, iPadOS 16.1, Mac OS X Ventura)
  • Chromium based browsers (on PC and Laptop) allows picking up credentials from Android and iPhone/iPadOS.
  • Android Credentials creation for ResidentKeys is currently in Beta.

Installation

pip install django-passkeys

Currently, it support Django 2.0+, Python 3.7+

Usage

  1. in your settings.py add the application to your installed apps

    INSTALLED_APPS=(
    '......'
    'passkeys'
    '......')
    Enter fullscreen mode Exit fullscreen mode
  2. Collect Static Files python manage.py collectstatic

  3. Run migrate python manage.py migrate

  4. Add the following settings to your file

     AUTHENTICATION_BACKENDS = ['passkeys.backend.PasskeyModelBackend'] # Change your authentication backend
     FIDO_SERVER_ID="localhost"      # Server rp id for FIDO2, it the full domain
    Enter fullscreen mode Exit fullscreen mode

Have fun :)

Top comments (0)

Timeless DEV post...

Git Concepts I Wish I Knew Years Ago

The most used technology by developers is not Javascript.

It's not Python or HTML.

It hardly even gets mentioned in interviews or listed as a pre-requisite for jobs.

I'm talking about Git and version control of course.

One does not simply learn git