
Mohamed M El-Kalioby


Passkeys on Django

Passkeys are the state-of-the-art technology standardized by the FIDO Alliance that allows Web Authentication API credentials generated on one device to be used on another device.

For a demo, please refer to this webinar.

The technology is now supported on the Apple ecosystem by iOS 16, iPadOS 16.1 and Mac OS X Ventura. Safari on these platforms can get credentials from an Android or iOS based device. Android is currently in beta for passkey generation, and Chromium based browsers (on PC and laptop) allow picking up credentials from Android and iPhone/iPadOS.

The Web Authentication API (and passkeys) is the only technology that is phishing resistant even during a live man-in-the-middle attack. This is because the domain requesting authentication is verified on the authenticator to make sure it is the one the credential was registered for.

django-passkeys is a Django app that extends the Django ModelBackend to provide passkey authentication.

The application is a slimmed-down version of django-mfa2, which has been starred more than 150 times and downloaded around 135k times. As this application does only one thing, it is much easier to integrate within your current application.

The steps needed to install and use the app are in the README on the GitHub repo.

mkalioby / django-passkeys

Django Authentication Backend For Passkeys

django-passkeys

An extension to the Django ModelBackend to support passkeys.

Passkeys is an extension to the Web Authentication API that allows the user to log in to a service using another device.

This app is a slimmed-down version of django-mfa2.

Passkeys are now supported on

  • Apple Ecosystem (iPhone 16.0+, iPadOS 16.1, Mac OS X Ventura)
  • Chromium based browsers (on PC and laptop), which allow picking up credentials from Android and iPhone/iPadOS.
  • Android: credential creation for ResidentKeys is live now.

On May 3, 2023, Google allowed users to log in with passkeys, killing the password for enrolled users.

Installation

pip install django-passkeys

Currently, it supports Django 2.0+ and Python 3.7+.

Usage

  1. In your settings.py, add the application to your installed apps:

    INSTALLED_APPS = (
        '......',
        'passkeys',  # the django-passkeys app
        '......',
    )

  2. Collect static files: python manage.py collectstatic

  3. Run migrate: python manage.py migrate

  4. Add the following settings to your file

     AUTHENTICATION_BACKENDS
    …

Have fun :)
