Password-less authentication with django-mfa2
Sirneij opened this issue · 5 comments
I need a password-less system. Registration should only require some special alphanumeric characters as username and surname as display name. Clicking register should bring up the platform's fingerprint scanner, and touching it should send the hashed challenge as well as the username and display name to the database for storage. Then, users whose credentials have been saved can log in with only their username and fingerprint. No password in the entire process. I have implemented this with Duo Labs' webauthn, but it supports fewer attestation formats and I need to support all attestation formats including tpm, android-safetynet, and apple.
Can I have a concrete example of django-mfa2 with this flow and requirement? No password in the entire process.
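Added example, not part of the original issue and not code from django-mfa2 or Duo Labs: when comparing libraries for attestation-format coverage, it helps to log which `fmt` each authenticator actually returns. This sketch reads `fmt` from a raw WebAuthn `attestationObject` with a small definite-length CBOR reader; the function names and the sample bytes are constructed for illustration, and it performs no signature or certificate verification.

```python
# WebAuthn attestation statement format identifiers (WebAuthn Level 2).
KNOWN_FORMATS = {"packed", "tpm", "android-key", "android-safetynet",
                 "fido-u2f", "apple", "none"}

def _item(buf, pos=0):
    """Decode one definite-length CBOR item; return (value, next position)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info >= 24:                      # argument follows in 1, 2, 4 or 8 bytes
        if info > 27:
            raise ValueError("indefinite-length/reserved CBOR not accepted")
        size = 1 << (info - 24)
        info, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if major in (0, 1):                 # unsigned / negative integer
        return (info if major == 0 else -1 - info), pos
    if major in (2, 3):                 # byte string / text string
        raw, pos = bytes(buf[pos:pos + info]), pos + info
        return (raw if major == 2 else raw.decode("utf-8")), pos
    if major in (4, 5):                 # array, or map read as 2*n items
        items = []
        for _ in range(info * (major - 3)):
            value, pos = _item(buf, pos)
            items.append(value)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), pos
    raise ValueError("unsupported CBOR major type %d" % major)

def attestation_format(att_obj):
    """Return (fmt, is_known) for a raw attestationObject (bytes)."""
    try:
        obj, end = _item(att_obj)
    except (IndexError, TypeError):     # ran off the buffer / unhashable map key
        raise ValueError("truncated or malformed CBOR") from None
    if end != len(att_obj) or not isinstance(obj, dict):
        raise ValueError("expected exactly one CBOR map")
    if {"fmt", "attStmt", "authData"} - set(obj) or not isinstance(obj["fmt"], str):
        raise ValueError("not a WebAuthn attestationObject")
    return obj["fmt"], obj["fmt"] in KNOWN_FORMATS

# Constructed sample (not a real authenticator response): fmt "tpm",
# attStmt {"ver": "2.0"}, authData = 37 zero bytes.
SAMPLE = bytes.fromhex("a363666d746374706d6761747453746d74a16376657263322e30"
                       "6861757468446174615825") + bytes(37)
print(attestation_format(SAMPLE))
```

A format that is recognized here still has to be verified by the server-side library; this only tells you which statement format arrived.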
Easy: you create the registration form in 2 steps. In the first one, the user fills in his info and you create the user in the database, authenticate the user, and redirect to 'fido2_begin_reg', which will invoke the WebAuthn API in the browser so the user will complete the registration of his token. You can save the base_username cookie in the first phase so that the user is asked directly for the token.
Hope it works.
You can start and I can help, as I really don't have the time for it.
Okay. I will send in the link soon.
@mkalioby This is the link to the repo django-mfa2-example. Redirecting to fido2_begin_reg downloads one file like that and nothing else.