Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature request] Passkeys #744

Closed
AlmerCarbonEquity opened this issue Nov 15, 2024 · 8 comments
Closed

[Feature request] Passkeys #744

AlmerCarbonEquity opened this issue Nov 15, 2024 · 8 comments

Comments

@AlmerCarbonEquity
Copy link

Are there any plans to add support for passkeys as a 2fa method?

@moggers87
Copy link
Collaborator

Passkeys? Do you mean like backup tokens or something else?

@AlmerCarbonEquity
Copy link
Author

@moggers87 I mean logging in with finger prints etc. It is based on WebAuthn: https://www.google.com/account/about/passkeys/

@hanckmann
Copy link

I second the request for passkeys support.
It would really help bring Django and this plugin up to the latest security standards.

@hanckmann
Copy link

And I just came across webauth: https://en.wikipedia.org/wiki/WebAuthn
Which seems to be the same/similar to passkeys.

These seem to be supported: https://django-two-factor-auth.readthedocs.io/en/stable/installation.html#webauthn-setup

Maybe @moggers87 can confirm this?
I have not yet used it (but will test this in the comming weeks).

@moggers87
Copy link
Collaborator

I can confirm that WebAuthn is supported but I'm not sure if there are any extra steps required to use passkeys with our WebAuthn plugin

@AlmerCarbonEquity
Copy link
Author

@moggers87 I took a look at your webauthn example app and seems to work! So I'd say passkeys are supported. 1 thing that I think is missing that would make this package full fill all our needs is direct login with the passkey. I think it is considered safe enough to only need fingerprint/face id for login. Would be great to see this feature.

@moggers87
Copy link
Collaborator

Thanks for testing! Good to know it works 😸

1 thing that I think is missing that would make this package full fill all our needs is direct login with the passkey

I don't think that would be possible with this package. You want might to look at other Django packages that are specific to WebAuthn.

@hanckmann
Copy link

Sorry for reopening this issue.
I was just trying to implement passkeys into my application. Webauth seems to be easy enough to install, but I have no idea how to setup a passkey afterwards. The browser is not triggered into requesting a passkey and as a result, my Bitwarden plugin does not offer anything.

This is not my area of expertise, but I would expect this to be fairly straightforward if this packages wants to claim passkey support. Maybe it is a documentation issue which does not describe any details on this process, or the implementation is incomplete for passkeys.

Any thoughts?
Did you manage to get a passkey setup as seconds factor? If so, how?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants