npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@cz-nic/django-fido

v1.2.1

Published

Django application for FIDO protocol

Downloads

61

Readme

django-fido

Python tests JS tests codecov

Django application for FIDO protocol

Django-fido provides basic components for FIDO 2 authentication - model to store user's FIDO 2 authenticator data and basic views.

Table of Contents

Dependencies

  • Python 3.5 and higher
  • Django >= 3.0

Configuration

  1. Add django_fido to INSTALLED_APPS.

  2. Add django_fido.backends.Fido2AuthenticationBackend to AUTHENTICATION_BACKENDS.

  3. Link django-fido URLs into your urls.py:

    urlpatterns += [
       url(r'', include('django_fido.urls')),
    ]
  4. If you wish, set string variable DJANGO_FIDO_RP_NAME.

Extra configuration

DJANGO_FIDO_RESIDENT_KEY

Default: False

Purpose: Set to True to enable discoverable credentials, private key and associated metadata is stored in persistent memory on the authenticator. This is useful for passwordless authentication.

One step authentication

You can also decide to use one step authentication. In this case, you will use just one authentication form, that will collect username, password and FIDO2 credentials. In addition to the configuration above, you also need to:

  1. Set DJANGO_FIDO_TWO_STEP_AUTH to False.
  2. Replace django_fido.backends.Fido2AuthenticationBackend with django_fido.backends.Fido2GeneralAuthenticationBackend in AUTHENTICATION_BACKENDS.
  3. Set DJANGO_FIDO_AUTHENTICATION_BACKENDS to the list of your additional authentication backends, if you use others than django.contrib.auth.backends.ModelBackend.
  4. Set data-autosubmit-off attribute on the form element of your login page.

Please note that your login form must have a field named username, even if your USERNAME_FIELD is not username.

Metadata download

If you want to be able to download authenticator metadata, you need to set DJANGO_FIDO_METADATA_SERVICE setting which is a dictionary. The MDS is available in two versions v2 (deprecated) and v3 (current). If you want to use MDSv2, you have to set a valid ACCESS_TOKEN. If you want to use MDSv3, you have to set MDS_FORMAT to 3 and set a valid URL providing the MDSv3 data. Then you can periodically run the download_authenticator_metadata management command. If metadata are available for the given Authenticator, its metadata property will be an object. The level, vulnerabilities and is_update_available methods on metadata can be used to determine the trust and certification level.

Passwordless

This authentication requires "discoverable credential" and using that credential to perform a user lookup using the passwordless authentication backend

  1. Set DJANGO_FIDO_RESIDENT_KEY to True
  2. Set 'DJANGO_FIDO_PASSWORDLESS_AUTH' to 'True'
  3. Set 'DJANGO_FIDO_TWO_STEP_AUTH' to 'False'
  4. Replace django_fido.backends.Fido2AuthenticationBackend with django_fido.backends.Fido2PasswordlessAuthenticationBackend in AUTHENTICATION_BACKENDS.

Set user verification requirement

Set DJANGO_FIDO_USER_VERIFICATION to required, preferred or discouraged, default is None

Changes

See changelog.

Testing

Use tox to run tests

tox

License

See LICENSE.