[Django] #34896: First-party passkey support in django.auth
Django
-------------------------------------+-------------------------------------
Reporter: e3b0c442 | Owner: nobody
Type: New | Status: new
feature |
Component: | Version: dev
contrib.auth | Keywords: passkey, passkeys,
Severity: Normal | webauthn
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Passkeys are quickly gaining traction as a more secure and user-friendly
alternative to usernames and passwords. It would be a great feature for
Django users and send a strong signal to the wider community if
`django.auth` and the supporting code and UI were updated to support
passkeys as a first-class alternative to usernames and passwords.
Items that would need to be updated (not exhaustive):
* User models would need to be updated to support multiple passkeys
* Authentication logic updated to support passkeys (WebAuthn relying party
implementation)
* Login UI updated to support choice of login with username/password or
passkey
I understand that all of this can (and likely has) been implemented as a
separate app/package, but again I feel it would be a great first-party
feature and send a strong message to the wider community of the superior
security and user-friendliness of asymmetric key cryptography over legacy
usernames/passwords.
--
Ticket URL: <https://code.djangoproject.com/ticket/34896>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
-------------------------------------+-------------------------------------
Type: New feature | Status: closed
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: wontfix
Keywords: passkey, passkeys, | Triage Stage:
webauthn | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => wontfix
Comment:
Hello Nick, thanks for taking the time to file this ticket.
To request/propose a new feature for Django, the recommended path forward
is to, first, propose and discuss the idea with the community and then
gain consensus. To do that, please start a new conversation on the
[https://forum.djangoproject.com/c/internals/5 Django Forum], where you'll
reach a wider audience and likely get richer feedback. For this proposal
specifically, I see that there is a related forum post, so perhaps you
could add to it?
https://forum.djangoproject.com/t/django-auth-admin-and-passkeys/22181/2
I'll close the ticket for now following the
[https://docs.djangoproject.com/en/4.2/internals/contributing/triaging-
tickets/#closing-tickets triage docs], but we could eventually re-open if
there is a community agreement for the feature request. For more details,
please see
[https://docs.djangoproject.com/en/stable/internals/contributing/bugs-and-
features/#requesting-features the documented guidelines for requesting
features].
Thanks!
--
Ticket URL: <https://code.djangoproject.com/ticket/34896#comment:1>