Opened 15 months ago
Closed 15 months ago
#34896 closed New feature (wontfix)
First-party passkey support in django.auth
Reported by: | Nick Meyer | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | passkey, passkeys, webauthn |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Passkeys are quickly gaining traction as a more secure and user-friendly alternative to usernames and passwords. It would be a great feature for Django users and send a strong signal to the wider community if django.auth
and the supporting code and UI were updated to support passkeys as a first-class alternative to usernames and passwords.
Items that would need to be updated (not exhaustive):
- User models would need to be updated to support multiple passkeys
- Authentication logic updated to support passkeys (WebAuthn relying party implementation)
- Login UI updated to support choice of login with username/password or passkey
I understand that all of this can (and likely has) been implemented as a separate app/package, but again I feel it would be a great first-party feature and send a strong message to the wider community of the superior security and user-friendliness of asymmetric key cryptography over legacy usernames/passwords.
Hello Nick, thanks for taking the time to file this ticket.
To request/propose a new feature for Django, the recommended path forward is to, first, propose and discuss the idea with the community and then gain consensus. To do that, please start a new conversation on the Django Forum, where you'll reach a wider audience and likely get richer feedback. For this proposal specifically, I see that there is a related forum post, so perhaps you could add to it?
https://forum.djangoproject.com/t/django-auth-admin-and-passkeys/22181/2
I'll close the ticket for now following the triage docs, but we could eventually re-open if there is a community agreement for the feature request. For more details, please see the documented guidelines for requesting features.
Thanks!