DEV Community

Mohamed M El-Kalioby

Passkeys on Django

Passkeys are a state-of-the-art technology standardized by the FIDO Alliance that lets users take Web Authentication API credentials generated on one device and use them on another device.

For a demo, please refer to this webinar.

The technology is now supported in the Apple ecosystem by iOS 16, iPadOS 16.1 and Mac OS X Ventura. Safari on these platforms can get credentials from an Android or iOS based device. Android is currently in beta for passkey generation, and Chromium based browsers (on PC and laptop) allow picking up credentials from Android and iPhone/iPadOS.

The Web Authentication API (and passkeys) is the only technology that is phishing resistant even during a live man-in-the-middle attack. This is because the domain requesting authentication is verified on the authenticator to make sure it is the one the credential was registered for.
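The relying party's side of that domain check, as an added example that is not code from django-passkeys or from this post: the browser records the origin it is actually showing in clientDataJSON and the authenticator signs over the SHA-256 hash of the RP ID, so the server can compare both against its own domain. The function names, the sample domains and the constructed inputs are assumptions for illustration, and signature verification is left out.

```python
import hashlib
import hmac
import json
from base64 import urlsafe_b64encode


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return urlsafe_b64encode(data).rstrip(b"=").decode()


def binding_errors(client_data_json, authenticator_data, challenge, rp_id, origins):
    """Return reasons to reject an assertion; an empty list means the domain
    binding holds. Signature verification is a separate step, not shown."""
    errors = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        errors.append("wrong type")
    sent = str(client_data.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(challenge).encode()):
        errors.append("challenge mismatch")
    # The browser, not the page, fills in the origin it is actually showing.
    if client_data.get("origin") not in origins:
        errors.append("origin mismatch")
    if len(authenticator_data) < 37:  # 32 rpIdHash + 1 flags + 4 signCount
        return errors + ["authenticator data too short"]
    # The authenticator signs over SHA-256(RP ID) of the domain it was used on.
    expected_hash = hashlib.sha256(rp_id.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], expected_hash):
        errors.append("rpIdHash mismatch")
    if not authenticator_data[32] & 0x01:  # UP (user present) flag
        errors.append("user not present")
    return errors


def constructed_assertion(origin, rp_id, challenge):
    """Constructed sample input, not captured from a real authenticator."""
    client_data = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([0x05]) + (7).to_bytes(4, "big")
    return json.dumps(client_data).encode(), auth_data


if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"
    args = (challenge, "example.com", {"https://example.com"})
    print(binding_errors(*constructed_assertion("https://example.com", "example.com", challenge), *args))
    print(binding_errors(*constructed_assertion("https://login.example.test", "login.example.test", challenge), *args))
```

An assertion produced on a look-alike domain fails both the origin and the rpIdHash comparison, even when the challenge was relayed unchanged.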

django-passkeys is a Django app that extends Django's ModelBackend to provide passkey authentication.

The application is a slimmed-down version of django-mfa2, which has received more than 150 🌟 and been downloaded around 135k times. As this application does only one thing, it is much easier to integrate within your current application.

The steps needed to install and use the app are in the README on the GitHub repo.

mkalioby / django-passkeys

Django Authentication Backend Using Passkeys

django-passkeys

An extension to Django ModelBackend backend to support passkeys.

Passkeys is an extension to the Web Authentication API that allows the user to log in to a service using another device.

This app is a slim-down version of django-mfa2

Passkeys are now supported on

  • Apple Ecosystem (iPhone 16.0+, iPadOS 16.1, Mac OS X Ventura)
  • Chromium based browsers (on PC and laptop) allow picking up credentials from Android and iPhone/iPadOS.
  • Android Credentials creation for ResidentKeys is currently in Beta.

Installation

pip install django-passkeys

Currently, it supports Django 2.0+ and Python 3.7+.

Usage

  1. In your settings.py, add the application to your installed apps:

    INSTALLED_APPS = (
        '......',
        'passkeys',  # the django-passkeys app
        '......',
    )
  2. Collect static files: python manage.py collectstatic

  3. Run migrate: python manage.py migrate

  4. Add the following settings to your file:

     AUTHENTICATION_BACKENDS = ['passkeys.backend.PasskeyModelBackend']  # Change your authentication backend
     FIDO_SERVER_ID = "localhost"  # Server RP ID for FIDO2; it is the full domain
    …

Have fun :)
