This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

django-u2f provides support for FIDO U2F security tokens in Django. The functionality is similar to the Security Key two-factor authentication that Google recently announced, and uses the same tokens.

django-u2f isn’t yet production ready, but is a working proof of concept. There are many TODOs sprinkled around the code that should be fixed before relying on it.


Add django_u2f to INSTALLED_APPS and include django_u2f.urls somewhere in your url patterns. Set LOGIN_URL = 'u2f:login'. Make sure that Django’s built in login view does not not have a urlpattern, because it will authenticate users without their second factor. django-u2f provides its own login view to handle that.


To see a demo, use the test project included in the repo. Install django-u2f with pip install -e ., then install the demo-specific requirements with cd testproj; pip install -r requirements.txt. Run syncdb and create a user, create a self-signed certificate with ./, then start ./ runserver_plus --cert localhost.

For now the only supported browser is Chrome, version 41 or higher. U2F also requires that the page is served over a secure connection.

Start by going to https://localhost:8000/u2f/login. Since you haven’t added any security keys yet, you will be logged in with just a username and password. Once logged in, click ‘Add another key’ on the key management page and follow the instructions. Now your account is protected by two factor authentication, and when you log in again your U2F token will be required.

You can administrate the keys attached to your account on the key management page as well, at the URL https://localhost:8000/u2f/keys.

Using U2F keys on linux

Some distros don’t come with udev rules to make USB HID /dev/ nodes accessible to normal users. If your key doesn’t light up and start flashing when you expect it to, this might be what is happening. See and for some discussion of the rule to make it accessible. If you just want a quick temporary fix, you can run sudo chmod 666 /dev/hidraw* every time after you plug in your key (The files disappear after unplugging).

Release History

Release History


This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
django-u2f-0.1.0.tar.gz (17.5 kB) Copy SHA256 Checksum SHA256 Source Apr 15, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting