FIDO2/WebAuthn library for implementing clients and servers.
Project description
== python-fido2
image:https://github.com/Yubico/python-fido2/workflows/build/badge.svg["Github actions build", link="https://github.com/Yubico/python-fido2/actions"]
Provides library functionality for communicating with a FIDO device over USB as
well as verifying attestation and assertion signatures.
NOTE: Version 2.0 is now released. For help with migration from version 1.x, see
link:doc/Migration_1-2.adoc[the migration guide].
This library aims to support the FIDO U2F and FIDO 2 protocols for
communicating with a USB authenticator via the Client-to-Authenticator Protocol
(CTAP 1 and 2). In addition to this low-level device access, classes defined in
the `fido2.client` and `fido2.server` modules implement higher level operations
which are useful when interfacing with an Authenticator, or when implementing
WebAuthn support for a Relying Party.
For usage, see the `examples/` directory and
link:https://developers.yubico.com/python-fido2/API_Documentation/[API documentation].
=== References
These links related to WebAuthn and FIDO2 can help you get started:
* Yubico WebAuthn/FIDO2 guide: https://developers.yubico.com/FIDO2/
* W3C WebAuthn specification: https://www.w3.org/TR/webauthn/
* FIDO specifications: https://fidoalliance.org/specifications/download/
=== License
This project, with the exception of the files mentioned below, is licensed
under the BSD 2-clause license.
See the _COPYING_ file for the full license text.
This project contains source code from pyu2f (https://github.com/google/pyu2f)
which is licensed under the Apache License, version 2.0.
These files are located in `fido2/hid/`.
See http://www.apache.org/licenses/LICENSE-2.0,
or the _COPYING.APLv2_ file for the full license text.
This project also bundles the public suffix list (https://publicsuffix.org)
which is licensed under the Mozilla Public License, version 2.0.
This file is stored as `fido2/public_suffix_list.dat`.
See https://mozilla.org/MPL/2.0/,
or the _COPYING.MPLv2_ file for the full license text.
=== Requirements
fido2 is compatible with Python 3.10 and later, and is tested on Windows, MacOS,
and Linux. Support for OpenBSD, FreeBSD, and NetBSD is provided as-is and
relies on community contributions.
=== Installation
fido2 is installable by running the following command:
pip install fido2
To install the dependencies required for communication with NFC authenticators,
instead use:
pip install fido2[pcsc]
Under Windows 10 (1903 or later) access to FIDO devices is restricted and
requires running as Administrator. This library can still be used when running
as non-administrator, via the `fido.client.WindowsClient` class. An example of
this is included in the file `examples/credential.py`.
Under Linux you will need to add a Udev rule to be able to access the FIDO
device, or run as root. For example, the Udev rule may contain the following:
----
#Udev rule for allowing HID access to Yubico devices for FIDO support.
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", \
MODE="0664", GROUP="plugdev", ATTRS{idVendor}=="1050"
----
There may be a package already available for your distribution that does this
for you, see:
https://support.yubico.com/hc/en-us/articles/360013708900-Using-Your-U2F-YubiKey-with-Linux
Under FreeBSD you will either need to run as root or add rules for your device
to /etc/devd.conf, which can be automated by installing security/u2f-devd:
# pkg install u2f-devd
==== Dependencies
This project depends on Cryptography. For instructions on installing this
dependency, see https://cryptography.io/en/latest/installation/.
NFC support is optionally available via PC/SC, using the pyscard library. For
instructions on installing this dependency, see
https://github.com/LudovicRousseau/pyscard/blob/master/INSTALL.md.
=== Development
For development of the library we use https://python-poetry.org/[poetry]. To
set up the dev environment, run this command in the root directory of the
repository:
poetry install
We also use https://pre-commit.com/[pre-commit] to run some scans on the code
prior to committing.
==== Running tests
While some tests can run on their own, most require a connected FIDO2 device to run.
WARNING: These tests are destructive, and will factory reset the device under test.
As a safety precaution, the tests will only run on a device that is in a newly reset
state, as far as the test runner can tell.
poetry run pytest
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
fido2-2.0.0.tar.gz
(274.9 kB
view details)
Built Distribution
fido2-2.0.0-py3-none-any.whl
(224.8 kB
view details)
File details
Details for the file fido2-2.0.0.tar.gz.
File metadata
- Download URL: fido2-2.0.0.tar.gz
- Upload date:
- Size: 274.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.2 CPython/3.12.3 Linux/6.8.0-58-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3061cd05e73b3a0ef6afc3b803d57c826aa2d6a9732d16abd7277361f58e7964
|
|
| MD5 |
2f3a157e28808c7a34d6ddd88db0aa5d
|
|
| BLAKE2b-256 |
8db96ec8d8ec5715efc6ae39e8694bd48d57c189906f0628558f56688d0447b2
|
File details
Details for the file fido2-2.0.0-py3-none-any.whl.
File metadata
- Download URL: fido2-2.0.0-py3-none-any.whl
- Upload date:
- Size: 224.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.2 CPython/3.12.3 Linux/6.8.0-58-generic
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
685f54a50a57e019c6156e2dd699802a603e3abf70bab334f26affdd4fb8d4f7
|
|
| MD5 |
2bcbc0c217432c45d7740370b3fdb51f
|
|
| BLAKE2b-256 |
4c7da1dba174d7ec4b6b8d6360eed0ac3a4a4e2aa45f234e903592d3184c6c3f
|
