Django application for FIDO protocol
Django-fido provides basic components for FIDO 2 authentication - model to store user's FIDO 2 authenticator data and basic views.
- Python 3.5 and higher
- Django >= 1.11
-
Add
django_fidotoINSTALLED_APPS. -
Add
django_fido.backends.Fido2AuthenticationBackendtoAUTHENTICATION_BACKENDS. -
Link django-fido URLs into your
urls.py:urlpatterns += [ url(r'', include('django_fido.urls')), ] -
If you wish, set string variable
DJANGO_FIDO_RP_NAME.
You can also decide to use one step authentication. In this case, you will use just one authentication form, that will collect username, password and FIDO2 credentials. In addition to the configuration above, you also need to:
- Set
DJANGO_FIDO_TWO_STEP_AUTHtoFalse. - Replace
django_fido.backends.Fido2AuthenticationBackendwithdjango_fido.backends.Fido2GeneralAuthenticationBackendinAUTHENTICATION_BACKENDS. - Set
DJANGO_FIDO_AUTHENTICATION_BACKENDSto the list of your additional authentication backends, if you use others thandjango.contrib.auth.backends.ModelBackend. - Set
data-autosubmit-offattribute on the form element of your login page.
Please note that your login form must have a field named username, even if your USERNAME_FIELD is not username.
If you want to be able to download authenticator metadata, you need to set DJANGO_FIDO_METADATA_SERVICE setting which is a dictionary.
The MDS is available in two versions v2 (deprecated) and v3 (current).
If you want to use MDSv2, you have to set a valid ACCESS_TOKEN.
If you want to use MDSv3, you have to set MDS_FORMAT to 3 and set a valid URL providing the MDSv3 data.
Then you can periodically run the download_authenticator_metadata management command.
If metadata are available for the given Authenticator, its metadata property will be an object.
The level, vulnerabilities and is_update_available methods on metadata can be used to determine the trust and certification level.
See changelog.
Use tox to run tests
tox
See LICENSE.