A WebAuthn Python module.
Project description
# PyWebAuthn
[](https://pypi.python.org/pypi/webauthn)
[](https://raw.githubusercontent.com/duo-labs/py_webauthn/master/LICENSE)
PyWebAuthn is a Python module which can be used to handle [WebAuthn][1] registration and assertion. Currently, WebAuthn is supported in [Firefox][2], [Chrome][3], and [Edge][4].
# Installation
`pip install webauthn`
# Usage
Generating credential options, (to be passed to `navigator.credentials.create`):
```python
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge,
rp_name,
rp_id,
user_id,
username,
display_name,
icon_url)
```
Creating a `WebAuthnUser` object. Used during the assertion (login) process:
```python
webauthn_user = webauthn.WebAuthnUser(
user.id,
user.username,
user.display_name,
user.icon_url,
user.credential_id,
user.pub_key,
user.sign_count,
user.rp_id)
```
Generating assertion options, (to be passed to `navigator.credentials.get`):
```python
webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
webauthn_user,
challenge)
```
Verifying a registration response, (result of `navigator.credentials.create`):
```python
webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
RP_ID,
ORIGIN,
registration_response,
challenge,
trust_anchor_dir,
trusted_attestation_cert_required,
self_attestation_permitted,
none_attestation_permitted,
uv_required=False) # User Verification
try:
webauthn_credential = webauthn_registration_response.verify()
except Exception as e:
return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})
# Create User
```
Verifying an assertion response, (result of `navigator.credentials.get`):
```python
webauthn_user = webauthn.WebAuthnUser(
user.ukey,
user.username,
user.display_name,
user.icon_url,
user.credential_id,
user.pub_key,
user.sign_count,
user.rp_id)
webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
webauthn_user,
assertion_response,
challenge,
origin,
uv_required=False) # User Verification
try:
sign_count = webauthn_assertion_response.verify()
except Exception as e:
return jsonify({'fail': 'Assertion failed. Error: {}'.format(e)})
# Update counter.
user.sign_count = sign_count
```
# Flask Demo
There is a [Flask][5] demo available in the `flask_demo` directory. Follow these steps to run the Flask web app:
1. `cd flask_demo`
2. `pip install -r requirements.txt`
3. `python create_db.py`
4. `python app.py`
5. Go to [https://localhost:5000][6] in your web browser. Try registering and logging in with a compatible U2F or WebAuthn authenticator.
6. Profit?
# Flask Demo (Docker)
To run the [Flask][5] demo with [Docker][7]:
1. Install Docker.
2. `docker-compose up -d`
3. Go to [https://localhost:5000][6] in your web browser. Try registering and logging in with a compatible U2F or WebAuthn authenticator.
# Note
Currently, PyWebAuthn does not support performing the following verifications.
* [Token Binding ID][8]
* [Authenticator Extensions][9]
[1]: https://www.w3.org/TR/webauthn/
[2]: https://www.mozilla.org/en-US/firefox/new/
[3]: https://www.google.com/chrome/
[4]: https://www.microsoft.com/en-us/windows/microsoft-edge
[5]: http://flask.pocoo.org/
[6]: https://localhost:5000
[7]: https://www.docker.com/
[8]: https://www.w3.org/TR/webauthn/#dom-collectedclientdata-tokenbindingid
[9]: https://www.w3.org/TR/webauthn/#dom-collectedclientdata-authenticatorextensions
[](https://pypi.python.org/pypi/webauthn)
[](https://raw.githubusercontent.com/duo-labs/py_webauthn/master/LICENSE)
PyWebAuthn is a Python module which can be used to handle [WebAuthn][1] registration and assertion. Currently, WebAuthn is supported in [Firefox][2], [Chrome][3], and [Edge][4].
# Installation
`pip install webauthn`
# Usage
Generating credential options, (to be passed to `navigator.credentials.create`):
```python
make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
challenge,
rp_name,
rp_id,
user_id,
username,
display_name,
icon_url)
```
Creating a `WebAuthnUser` object. Used during the assertion (login) process:
```python
webauthn_user = webauthn.WebAuthnUser(
user.id,
user.username,
user.display_name,
user.icon_url,
user.credential_id,
user.pub_key,
user.sign_count,
user.rp_id)
```
Generating assertion options, (to be passed to `navigator.credentials.get`):
```python
webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
webauthn_user,
challenge)
```
Verifying a registration response, (result of `navigator.credentials.create`):
```python
webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
RP_ID,
ORIGIN,
registration_response,
challenge,
trust_anchor_dir,
trusted_attestation_cert_required,
self_attestation_permitted,
none_attestation_permitted,
uv_required=False) # User Verification
try:
webauthn_credential = webauthn_registration_response.verify()
except Exception as e:
return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})
# Create User
```
Verifying an assertion response, (result of `navigator.credentials.get`):
```python
webauthn_user = webauthn.WebAuthnUser(
user.ukey,
user.username,
user.display_name,
user.icon_url,
user.credential_id,
user.pub_key,
user.sign_count,
user.rp_id)
webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
webauthn_user,
assertion_response,
challenge,
origin,
uv_required=False) # User Verification
try:
sign_count = webauthn_assertion_response.verify()
except Exception as e:
return jsonify({'fail': 'Assertion failed. Error: {}'.format(e)})
# Update counter.
user.sign_count = sign_count
```
# Flask Demo
There is a [Flask][5] demo available in the `flask_demo` directory. Follow these steps to run the Flask web app:
1. `cd flask_demo`
2. `pip install -r requirements.txt`
3. `python create_db.py`
4. `python app.py`
5. Go to [https://localhost:5000][6] in your web browser. Try registering and logging in with a compatible U2F or WebAuthn authenticator.
6. Profit?
# Flask Demo (Docker)
To run the [Flask][5] demo with [Docker][7]:
1. Install Docker.
2. `docker-compose up -d`
3. Go to [https://localhost:5000][6] in your web browser. Try registering and logging in with a compatible U2F or WebAuthn authenticator.
# Note
Currently, PyWebAuthn does not support performing the following verifications.
* [Token Binding ID][8]
* [Authenticator Extensions][9]
[1]: https://www.w3.org/TR/webauthn/
[2]: https://www.mozilla.org/en-US/firefox/new/
[3]: https://www.google.com/chrome/
[4]: https://www.microsoft.com/en-us/windows/microsoft-edge
[5]: http://flask.pocoo.org/
[6]: https://localhost:5000
[7]: https://www.docker.com/
[8]: https://www.w3.org/TR/webauthn/#dom-collectedclientdata-tokenbindingid
[9]: https://www.w3.org/TR/webauthn/#dom-collectedclientdata-authenticatorextensions
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
webauthn-0.4.2.tar.gz
(54.8 kB
view details)
File details
Details for the file webauthn-0.4.2.tar.gz.
File metadata
- Download URL: webauthn-0.4.2.tar.gz
- Upload date:
- Size: 54.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.9.1 pkginfo/1.4.1 requests/2.10.0 setuptools/38.5.1 requests-toolbelt/0.8.0 tqdm/4.19.4 CPython/2.7.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b862c3b4ea52362ba9b57656ccf30e8e7c38a5f3351da3c60a9b80778b89eeb5 |
|
| MD5 | c24636398de7f9ca26facc961034c475 |
|
| BLAKE2b-256 | 3f32fac0fa02e59cda6ff9350b778f2c5d3b272c56ac1b78059a895c82dd91ec |
