django-fido 0.20

Django application for FIDO protocol

django-fido

Django application for FIDO protocol

Django-fido provides basic components for FIDO 2 authentication - model to store user's FIDO 2 authenticator data and basic views.

Table of Contents

• Dependencies
• Configuration
• Changes
• Testing
• License

Dependencies

• Python 3.5 and higher
• Django >= 1.11

Configuration

1. Add django_fido to INSTALLED_APPS.

2. Add django_fido.backends.Fido2AuthenticationBackend to AUTHENTICATION_BACKENDS.

3. Link django-fido URLs into your urls.py:

   urlpatterns += [
      url(r'', include('django_fido.urls')),
   ]
   

4. If you wish, set string variable DJANGO_FIDO_RP_NAME.

One step authentication

You can also decide to use one step authentication. In this case, you will use just one authentication form, that will collect username, password and FIDO2 credentials. In addition to the configuration above, you also need to:

1. Set DJANGO_FIDO_TWO_STEP_AUTH to False.
2. Replace django_fido.backends.Fido2AuthenticationBackend with django_fido.backends.Fido2GeneralAuthenticationBackend in AUTHENTICATION_BACKENDS.
3. Set DJANGO_FIDO_AUTHENTICATION_BACKENDS to the list of your additional authentication backends, if you use others than django.contrib.auth.backends.ModelBackend.
4. Set data-autosubmit-off attribute on the form element of your login page.

Please note that your login form must have a field named username, even if your USERNAME_FIELD is not username.

Changes

See changelog.

Testing

Use tox to run tests

tox

License

See LICENSE.

Changelog

0.20

• Fix Django 3.0 compatibility issues in templates

0.19

• Added class attribute attestation_types to Fido2ViewMixin to specify allowed attestation types during registration.
• Set default value of setting DJANGO_FIDO_AUTHENTICATION_BACKENDS to list containing django.contrib.auth.backends.ModelBackend

0.18

• Fix issue caused by default value of DJANGO_FIDO_AUTHENTICATION_BACKENDS. It is now empty list.

0.17

• BREAKING Replace Fido2ModelAuthenticationBackend with more general Fido2GeneralAuthenticationBackend.

0.16

• BREAKING Authenticator label has to be unique for user. This can potentialy break if you have multiple tokens for user.
• Add authenticator admin.
• Add one step authentication.

0.15

• Add DJANGO_FIDO_RP_NAME setting.
• Add back autosubmit on login view.
• Display error in login view on server request error.

0.14

• Add label to Authenticator model.
• Remove autosubmit on registration view.
• Update JS dependencies.

0.13

• Support fido2 0.6-0.8.
• Add support for python 3.8.
• Fixup annotations.

0.12

• Fix dependencies (add webpack-cli).

0.11

• Fix webpack output path.

0.10

• Fix dependencies (add webpack).

0.9

• Refactor JS code.
• Update setup.
• Add bumpversion.

0.8

• Fix JS translation lazynes.
• For empty values, submit button reload page.

0.7

• Add credential ID field.
• Drop credential_data field.
• Update error messages.
• Mark django-fido as typed.
• Add JS hooks.

0.6

• Use FIDO 2 instead of U2F.
• Drop python 2.7.
• Add annotations and mypy check.
• Move repository to a CZ.NIC account.

0.5

• Fix JS translation lazynes

0.4

• Update JS messages.
• Drop unused polint environment in tox.

0.3

• Store attestation certificate in database #6
• Install package data #7

0.2

• Accept any arguments in BaseU2fRequestView.get
• Add czech translations
• Fix links in README

0.1

• Initial version