Skip to main content

Pythonic WebAuthn

Project description

py_webauthn

PyPI GitHub license Pythonic WebAuthn

A Python3 implementation of the server-side of the WebAuthn API focused on making it easy to leverage the power of WebAuthn.

This library supports all FIDO2-compliant authenticators, including security keys, Touch ID, Face ID, Windows Hello, Android biometrics...and pretty much everything else.

Installation

This module is available on PyPI:

pip install webauthn

Requirements

  • Python 3.8 and up

Usage

The library exposes just a few core methods on the root webauthn module:

  • generate_registration_options()
  • verify_registration_response()
  • generate_authentication_options()
  • verify_authentication_response()

Two additional helper methods are also exposed:

  • options_to_json()
  • base64url_to_bytes()

Additional data structures are available on webauthn.helpers.structs. These Pydantic-powered dataclasses are useful for constructing inputs to the methods above, and for providing type hinting to help ensure consistency in the shape of data being passed around.

Generally, the library makes the following assumptions about how a Relying Party implementing this library will interface with a webpage that will handle calling the WebAuthn API:

The examples mentioned below include uses of the options_to_json() helper (see above) to show how easily bytes values in registration and authentication options can be encoded to base64url for transmission to the front end.

The examples also include demonstrations of how to pass JSON-ified responses, using base64url encoding for ArrayBuffer values, into parse_registration_credential_json and parse_authentication_credential_json to be automatically parsed by the methods in this library. An RP can pair this with corresponding custom front end logic, or one of several frontend-specific libraries (like @simplewebauthn/browser, for example) to handle encoding and decoding such values to and from JSON.

Other arguments into this library's methods that are defined as bytes are intended to be values stored entirely on the server. Such values can more easily exist as bytes without needing potentially extraneous encoding and decoding into other formats. Any encoding or decoding of such values in the name of storing them between steps in a WebAuthn ceremony is left up to the RP to achieve in an implementation-specific manner.

Registration

See examples/registration.py for practical examples of using generate_registration_options() and verify_registration_response().

You can also run these examples with the following:

# See "Development" below for venv setup instructions
venv $> python -m examples.registration

Authentication

See examples/authentication.py for practical examples of using generate_authentication_options() and verify_authentication_response().

You can also run these examples with the following:

# See "Development" below for venv setup instructions
venv $> python -m examples.authentication

Development

Installation

Set up a virtual environment, and then install the project's requirements:

$> python3 -m venv venv
$> source venv/bin/activate
venv $> pip install -r requirements.txt

Testing

Python's unittest module can be used to execute everything in the tests/ directory:

venv $> python -m unittest

Auto-watching unittests can be achieved with a tool like nodemon.

All tests:

venv $> nodemon --exec "python -m unittest" --ext py

An individual test file:

venv $> nodemon --exec "python -m unittest tests/test_aaguid_to_string.py" --ext py

Linting and Formatting

Linting is handled via mypy:

venv $> python -m mypy webauthn
Success: no issues found in 52 source files

The entire library is formatted using black:

venv $> python -m black webauthn --line-length=99
All done!  🍰 52 files left unchanged.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

webauthn-2.1.0.tar.gz (114.0 kB view details)

Uploaded Source

Built Distribution

webauthn-2.1.0-py3-none-any.whl (67.7 kB view details)

Uploaded Python 3

File details

Details for the file webauthn-2.1.0.tar.gz.

File metadata

  • Download URL: webauthn-2.1.0.tar.gz
  • Upload date:
  • Size: 114.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for webauthn-2.1.0.tar.gz
Algorithm Hash digest
SHA256 b196a4246c2818820857ba195c6e6e5398c761117f2269e3d2deab11c7995fc4
MD5 1c1b50b38536044a67299d681d0d2c34
BLAKE2b-256 b16839e4eb7dee562f39e75d4ea0fc9a188d76919cbc2bfb1e523a1af2f3a432

See more details on using hashes here.

File details

Details for the file webauthn-2.1.0-py3-none-any.whl.

File metadata

  • Download URL: webauthn-2.1.0-py3-none-any.whl
  • Upload date:
  • Size: 67.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for webauthn-2.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9e1cf916e5ed7c01d54a6dfcc19dacbd2b87b81d2648f001b1fcbcb7aa2ff130
MD5 29e64d8bdaad34522301ddd5ef1cbcd5
BLAKE2b-256 d6429a6ae7f8ffdb96b6263c6473bdb0c5a63b9735cedee4f5abd4da49a4c22c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page