PitchHut logo
Log in / Sign up
django-passkeys
by
mkalioby
Streamline user authentication with passkeys in Django applications.
Preview url
Visit project
Pitch

django-passkeys is an extension to the Django ModelBackend, enabling seamless user login via passkeys. This innovative solution simplifies authentication by leveraging the Web Authentication API, making it compatible with various devices and platforms, including the Apple ecosystem and Chromium-based browsers.

Description

django-passkeys is a powerful Django extension designed to enhance user authentication by integrating support for passkeys. This innovative approach leverages the Web Authentication API, enabling users to log in securely using another device, effectively phasing out traditional passwords for enrolled users.

Key Features:

  • Flexible Authentication: Extends Django's ModelBackend to support passkeys, providing enhanced security and user experience.
  • Cross-Platform Support: Compatible with major platforms, including:
    • Apple's ecosystem (iOS 16.0+, iPadOS 16.1, macOS Ventura)
    • Chromium-based browsers on PCs and laptops, allowing easy credential access from Android and iOS devices.
    • Active integration with Android for creating ResidentKeys.
  • Simple Integration: Easily integrate into your Django application with minimal configuration.

Quick Usage Guide:

To integrate django-passkeys into your application:

  1. Add passkeys to your INSTALLED_APPS in settings.py: 
    INSTALLED_APPS = (
    '......',
    'passkeys',
    '......'
)
  2. Configure your authentication backend and other relevant settings: 
    AUTHENTICATION_BACKENDS = ['passkeys.backend.PasskeyModelBackend']  
FIDO_SERVER_ID = "localhost"  
FIDO_SERVER_NAME = "TestApp"  
import passkeys  
KEY_ATTACHMENT = None | passkeys.Attachment.CROSS_PLATFORM | passkeys.Attachment.PLATFORM
  3. Add the necessary URL patterns to your urls.py: 
    urlpatterns = [
    '...',
    url(r'^passkeys/', include('passkeys.urls')),
    '....',
]
  4. For a seamless user experience, implement the authentication process in your login view: 
    user = authenticate(request, username=request.POST["username"], password=request.POST["password"])
  5. Use the built-in templating and JavaScript functionalities for an intuitive login experience.

Detecting Passkey Usage:

Once integrated, you can easily check if a user has utilized a passkey during login. The session will contain a passkey key that indicates whether the user logged in via passkey:

{'passkey': True, 'name': 'Chrome', 'id': 2, 'platform': 'Chrome on Apple', 'cross_platform': False}

Enhance Security with Conditional UI:

Starting from version v1.2, add webauthn to the autocomplete field to prompt users to use passkeys, providing a smoother and more secure authentication process.

<input name="username" placeholder="username" autocomplete="username webauthn">

With contributions from dedicated developers and ongoing improvements, django-passkeys is on the cutting edge of authentication technology in Django applications. Join the movement toward password-free and secure user experiences today!

0 comments

No comments yet.

Sign in to be the first to comment.