Metadata-Version: 2.1
Name: webauthn
Version: 0.4.7
Summary: A WebAuthn Python module.
Home-page: https://github.com/duo-labs/py_webauthn
Author: Duo Labs
Author-email: labs@duo.com
License: BSD
Download-URL: https://github.com/duo-labs/py_webauthn/archive/0.4.7.tar.gz
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Programming Language :: Python
Description-Content-Type: text/x-rst
License-File: LICENSE


PyWebAuthn
==========


.. image:: https://img.shields.io/pypi/v/webauthn.svg
   :target: https://pypi.python.org/pypi/webauthn
   :alt: PyPI


.. image:: https://img.shields.io/badge/license-BSD-blue.svg
   :target: https://raw.githubusercontent.com/duo-labs/py_webauthn/master/LICENSE
   :alt: GitHub license


PyWebAuthn is a Python module which can be used to handle `WebAuthn <https://www.w3.org/TR/webauthn/>`_ registration and assertion. Currently, WebAuthn is supported in `Firefox <https://www.mozilla.org/en-US/firefox/new/>`_\ , `Chrome <https://www.google.com/chrome/>`_\ , and `Edge <https://www.microsoft.com/en-us/windows/microsoft-edge>`_.

Installation
============

``pip install webauthn``

Usage
=====

Generating credential options, (to be passed to ``navigator.credentials.create``\ ):

.. code-block:: python

   make_credential_options = webauthn.WebAuthnMakeCredentialOptions(
       challenge,
       rp_name,
       rp_id,
       user_id,
       username,
       display_name,
       icon_url)

Creating a ``WebAuthnUser`` object. Used during the assertion (login) process:

.. code-block:: python

   webauthn_user = webauthn.WebAuthnUser(
       user.id,
       user.username,
       user.display_name,
       user.icon_url,
       user.credential_id,
       user.pub_key,
       user.sign_count,
       user.rp_id)

Generating assertion options, (to be passed to ``navigator.credentials.get``\ ):

.. code-block:: python

   webauthn_assertion_options = webauthn.WebAuthnAssertionOptions(
       webauthn_user,
       challenge)

Verifying a registration response, (result of ``navigator.credentials.create``\ ):

.. code-block:: python

   webauthn_registration_response = webauthn.WebAuthnRegistrationResponse(
       RP_ID,
       ORIGIN,
       registration_response,
       challenge,
       trust_anchor_dir,
       trusted_attestation_cert_required,
       self_attestation_permitted,
       none_attestation_permitted,
       uv_required=False)  # User Verification

   try:
       webauthn_credential = webauthn_registration_response.verify()
   except Exception as e:
       return jsonify({'fail': 'Registration failed. Error: {}'.format(e)})

   # Create User

Verifying an assertion response, (result of ``navigator.credentials.get``\ ):

.. code-block:: python

   webauthn_user = webauthn.WebAuthnUser(
       user.ukey,
       user.username,
       user.display_name,
       user.icon_url,
       user.credential_id,
       user.pub_key,
       user.sign_count,
       user.rp_id)

   webauthn_assertion_response = webauthn.WebAuthnAssertionResponse(
       webauthn_user,
       assertion_response,
       challenge,
       origin,
       uv_required=False)  # User Verification

   try:
       sign_count = webauthn_assertion_response.verify()
   except Exception as e:
       return jsonify({'fail': 'Assertion failed. Error: {}'.format(e)})

   # Update counter.
   user.sign_count = sign_count

Flask Demo
==========

There is a `Flask <http://flask.pocoo.org/>`_ demo available in the ``flask_demo`` directory. Follow these steps to run the Flask web app:


#. ``cd flask_demo``
#. ``pip install -r requirements.txt``
#. ``python create_db.py``
#. ``python app.py``
#. Go to `https://localhost:5000 <https://localhost:5000>`_ in your web browser. Try registering and logging in with a compatible U2F or WebAuthn authenticator.
#. Profit?

Flask Demo (Docker)
===================

To run the `Flask <http://flask.pocoo.org/>`_ demo with `Docker <https://www.docker.com/>`_\ :


#. Install Docker.
#. ``docker-compose up -d``
#. Go to `https://localhost:5000 <https://localhost:5000>`_ in your web browser. Try registering and logging in with a compatible U2F or WebAuthn authenticator.

Demo Troubleshooting
====================
By default, both the local and Docker demos try to run the web app using HTTPS. This may cause issues such as
``NET::ERR_CERT_AUTHORITY_INVALID`` on Chrome. To get around this issue on Chrome, you can do the following:

#. Generate a self-signed certificate through tools like mkcert_
#. Enable requests to localhost over HTTPS through the following flag: ``chrome://flags/#allow-insecure-localhost``.

For Firefox, you should be able to proceed to the page being served by the Flask app by doing the following:

#. Clicking 'Advanced'
#. Clicking 'Accept the Risk and Continue'.

.. _mkcert: https://github.com/FiloSottile/mkcert

Unit Tests
==========

To run the unit tests, use the following command from the top directory:

``python3 -m unittest``

This will run both the `py_webauthn` library tests and the Flask demo tests.

Note
====

Currently, PyWebAuthn does not support performing the following verifications.


* `Token Binding ID <https://www.w3.org/TR/webauthn/#dom-collectedclientdata-tokenbindingid>`_
* `Authenticator Extensions <https://www.w3.org/TR/webauthn/#dom-collectedclientdata-authenticatorextensions>`_


