Skip to main content

FIDO U2F security token support for Django

Project description

Build Status

django-u2f provides support for FIDO U2F security tokens in Django. The functionality is similar to the Security Key two-factor authentication that Google recently announced, and uses the same tokens.

django-u2f isn’t yet production ready, but is a working proof of concept. There are many TODOs sprinkled around the code that should be fixed before relying on it.

Installation

$ pip install django-u2f

Add django_u2f to INSTALLED_APPS and include django_u2f.urls somewhere in your url patterns. Set LOGIN_URL = 'u2f:login'. Make sure that Django’s built in login view does not not have a urlpattern, because it will authenticate users without their second factor. django-u2f provides its own login view to handle that.

Demo

To see a demo, use the test project included in the repo and perform the following steps (using virtualenv is optional):

git clone https://github.com/gavinwahl/django-u2f
cd django-u2f
virtualenv -p python3 venv
source venv/bin/activate
pip install -e .
cd testproj
pip install -r requirements.txt
python manage.py migrate
python manage.py createsuperuser

# finally create a self-signed certificate and start the webserver
./mkcert.sh
python manage.py runserver_plus --cert localhost

For now the only supported browser is Chrome, version 41 or higher. U2F also requires that the page is served over a secure connection.

Start by going to https://localhost:8000/u2f/login. Since you haven’t added any security keys yet, you will be logged in with just a username and password. Once logged in, click ‘Add another key’ on the key management page and follow the instructions. Now your account is protected by two factor authentication, and when you log in again your U2F token will be required.

You can administrate the keys attached to your account on the key management page as well, at the URL https://localhost:8000/u2f/keys.

Using U2F keys on linux

Some distros don’t come with udev rules to make USB HID /dev/ nodes accessible to normal users. If your key doesn’t light up and start flashing when you expect it to, this might be what is happening. See https://github.com/Yubico/libu2f-host/issues/2 and https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules for some discussion of the rule to make it accessible. If you just want a quick temporary fix, you can run sudo chmod 666 /dev/hidraw* every time after you plug in your key (The files disappear after unplugging).

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-u2f-1.0.1.tar.gz (18.3 kB view details)

Uploaded Source

File details

Details for the file django-u2f-1.0.1.tar.gz.

File metadata

  • Download URL: django-u2f-1.0.1.tar.gz
  • Upload date:
  • Size: 18.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.8.10

File hashes

Hashes for django-u2f-1.0.1.tar.gz
Algorithm Hash digest
SHA256 3b94f07456fcd31c2f6576576718495af0e345dcfcbeb24ea4de8f7b7cb0f01c
MD5 3402aafb006a5fb7b299db15e168f5f2
BLAKE2b-256 3c278f5e2117d3692c5f87dd648f95db05d2b0191c112056ec133ca3f9e45bd8

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page