Opened 8 months ago

Closed 8 months ago

#34896 closed New feature (wontfix)

First-party passkey support in django.auth

Reported by: Nick Meyer Owned by: nobody
Component: contrib.auth Version: dev
Severity: Normal Keywords: passkey, passkeys, webauthn
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Passkeys are quickly gaining traction as a more secure and user-friendly alternative to usernames and passwords. It would be a great feature for Django users and send a strong signal to the wider community if django.auth and the supporting code and UI were updated to support passkeys as a first-class alternative to usernames and passwords.

Items that would need to be updated (not exhaustive):

  • User models would need to be updated to support multiple passkeys
  • Authentication logic updated to support passkeys (WebAuthn relying party implementation)
  • Login UI updated to support choice of login with username/password or passkey

I understand that all of this can (and likely has) been implemented as a separate app/package, but again I feel it would be a great first-party feature and send a strong message to the wider community of the superior security and user-friendliness of asymmetric key cryptography over legacy usernames/passwords.

Change History (1)

comment:1 by Natalia Bidart, 8 months ago

Resolution: wontfix
Status: newclosed

Hello Nick, thanks for taking the time to file this ticket.

To request/propose a new feature for Django, the recommended path forward is to, first, propose and discuss the idea with the community and then gain consensus. To do that, please start a new conversation on the Django Forum, where you'll reach a wider audience and likely get richer feedback. For this proposal specifically, I see that there is a related forum post, so perhaps you could add to it?

https://forum.djangoproject.com/t/django-auth-admin-and-passkeys/22181/2

I'll close the ticket for now following the triage docs, but we could eventually re-open if there is a community agreement for the feature request. For more details, please see the documented guidelines for requesting features.

Thanks!

Note: See TracTickets for help on using tickets.
Back to Top