Forem: Vanessa V The latest articles on Forem by Vanessa V (@vmvilla). https://forem.com/vmvilla https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1105198%2Fbd9b1383-f556-400b-ac74-32eec5696005.png Forem: Vanessa V https://forem.com/vmvilla en Add "Login with Passkeys" to your Django app Vanessa V Tue, 04 Jun 2024 22:15:40 +0000 https://forem.com/pangea/add-login-with-passkeys-to-your-django-app-20a5 https://forem.com/pangea/add-login-with-passkeys-to-your-django-app-20a5 <p>Passkeys, passkeys, passkeys! Everyone's talking about them. With <a href="https://www.theverge.com/2023/10/23/23928589/amazon-passkey-support-web-ios-shopping-mobile-app">Amazon</a> rolling out passkeys last year and <a href="https://blog.google/technology/safety-security/passkeys-default-google-accounts/">Google</a> encouraging users to make them the default authentication method, it raises the question: How do I add them to my app?</p> <h2> How do passkeys work? </h2> <p>If you’re just interested in implementing them, you can skip this section. No offense taken 😉</p> <p>FIDO2 multidevice credentials more often referred to as “passkeys” is a standard introduced by the FIDO alliance. It’s an extremely powerful way of using public-key cryptography to verify the identity of a user without passwords, multi-factor, etc. The public / private key pair is usually generated and securely stored on a hardware or software authenticator device.</p> <p>To learn more about how passkeys and authenticators work in detail, check out the <a href="https://pangea.cloud/securebydesign/authn-using-passkeys/?utm_source=hashnode&amp;utm_medium=passkeys-django-blog">Secure By Design Hub article</a> on passkeys.</p> <h2> How do I build it in? </h2> <p>In this tutorial, we’re going to leverage Pangea AuthN’s hosted pages to be able to quickly configure passkeys without building all the cryptographic mayhem from scratch 😅. To prove that it’s easy to add passkeys into any application in just a few minutes, I’m going to start with a fresh new Django app and implement passkeys in just a few steps.</p> <h3> Step 1: Create a new Django app and install needed dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python <span class="nt">-m</span> pip <span class="nb">install </span>django django-admin startproject mysite <span class="nb">cd </span>mysite python manage.py startapp authme pip <span class="nb">install </span>python-dotenv pangea-django python manage.py migrate </code></pre> </div> <p>Let's go to <code>mysite/mysite/settings.py</code> to allow our app to use these packages.</p> <p>We need to be able to:</p> <ol> <li><p>load a <code>.env</code> file</p></li> <li><p>access the <code>pangea-django</code> middleware</p></li> <li><p>load our HTML pages from a designated <code>templates</code> folder<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">dotenv</span> <span class="kn">import</span> <span class="n">load_dotenv</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">pathlib</span> <span class="kn">import</span> <span class="n">Path</span> <span class="nf">load_dotenv</span><span class="p">()</span> <span class="c1"># Skip down to the middlware declaration. # Comment or remove the default django middleware. # Add Pangea's Auth Middleware </span> <span class="n">MIDDLEWARE</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">django.middleware.security.SecurityMiddleware</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">django.contrib.sessions.middleware.SessionMiddleware</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">django.middleware.common.CommonMiddleware</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">django.middleware.csrf.CsrfViewMiddleware</span><span class="sh">"</span><span class="p">,</span> <span class="c1">#"django.contrib.auth.middleware.AuthenticationMiddleware", </span> <span class="sh">"</span><span class="s">pangea_django.PangeaAuthMiddleware</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">django.contrib.messages.middleware.MessageMiddleware</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">django.middleware.clickjacking.XFrameOptionsMiddleware</span><span class="sh">"</span><span class="p">,</span> <span class="p">]</span> <span class="c1"># Replace the default configuration with the templates below # templates folder is where we will keep our html </span> <span class="n">TEMPLATES</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="sh">"</span><span class="s">BACKEND</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">django.template.backends.django.DjangoTemplates</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DIRS</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">BASE_DIR</span><span class="p">,</span> <span class="sh">"</span><span class="s">templates</span><span class="sh">"</span><span class="p">)],</span> <span class="sh">"</span><span class="s">APP_DIRS</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="sh">"</span><span class="s">OPTIONS</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">context_processors</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span> <span class="sh">"</span><span class="s">django.template.context_processors.debug</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">django.template.context_processors.request</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">django.contrib.auth.context_processors.auth</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">django.contrib.messages.context_processors.messages</span><span class="sh">"</span><span class="p">,</span> <span class="p">],</span> <span class="p">},</span> <span class="p">},</span> <span class="p">]</span> </code></pre> </div> <h3> Step 2: Create an account on <a href="https://l.pangea.cloud/DN5AJWb">pangea.cloud</a> </h3> <p>Head over to <a href="https://l.pangea.cloud/DN5AJWb">pangea.cloud</a> and create an account for free. Then in the developer console, enable the “AuthN” service and grab the following tokens.</p> <p>These tokens will be pasted in your .env config file as shown below. Create and add these tokens into <code>mysite/.env</code> file like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">PANGEA_AUTHN_TOKEN</span><span class="o">=</span>&lt;PANGEA_AUTHN_TOKEN&gt; <span class="nv">PANGEA_DOMAIN</span><span class="o">=</span>&lt;PANGEA_DOMAIN&gt; <span class="nv">PANGEA_HOSTED_LOGIN</span><span class="o">=</span>&lt;PANGEA_HOSTED_LOGIN&gt; </code></pre> </div> <h3> Step 3: Add the Pangea Auth components to the new Django app </h3> <p>Now we edit our <code>mysite/authme/views.py</code> file with the <code>pangea_django</code> package that maintains authentication context and state across the application.</p> <p>So our <code>authme/views.py</code> file should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.shortcuts</span> <span class="kn">import</span> <span class="n">render</span><span class="p">,</span> <span class="n">redirect</span> <span class="kn">from</span> <span class="n">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">login_required</span> <span class="kn">from</span> <span class="n">pangea_django</span> <span class="kn">import</span> <span class="n">PangeaAuthentication</span><span class="p">,</span> <span class="n">generate_state_param</span> <span class="kn">import</span> <span class="n">os</span> <span class="c1"># Create your views here. </span> <span class="k">def</span> <span class="nf">landing</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="n">is_authenticated</span><span class="p">:</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="sh">"</span><span class="s">/home</span><span class="sh">"</span><span class="p">)</span> <span class="n">hosted_login</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">"</span><span class="s">PANGEA_HOSTED_LOGIN</span><span class="sh">"</span><span class="p">)</span> <span class="n">redirect_url</span> <span class="o">=</span> <span class="n">hosted_login</span> <span class="o">+</span> <span class="sh">"</span><span class="s">?state=</span><span class="sh">"</span> <span class="o">+</span> <span class="nf">generate_state_param</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="n">redirect_url</span><span class="p">)</span> <span class="k">def</span> <span class="nf">login_success</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">user</span> <span class="o">=</span> <span class="nc">PangeaAuthentication</span><span class="p">().</span><span class="nf">authenticate</span><span class="p">(</span><span class="n">request</span><span class="o">=</span><span class="n">request</span><span class="p">)</span> <span class="k">if</span> <span class="n">user</span><span class="p">:</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="sh">"</span><span class="s">/home</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@login_required</span><span class="p">(</span><span class="n">login_url</span><span class="o">=</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">logout</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">user</span> <span class="o">=</span> <span class="nc">PangeaAuthentication</span><span class="p">().</span><span class="nf">logout</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="k">return</span> <span class="nf">redirect</span><span class="p">(</span><span class="sh">"</span><span class="s">/logout</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@login_required</span><span class="p">(</span><span class="n">login_url</span><span class="o">=</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">home</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="n">context</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">context</span><span class="p">[</span><span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span> <span class="k">return</span> <span class="nf">render</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="sh">"</span><span class="s">home.html</span><span class="sh">"</span><span class="p">,</span> <span class="n">context</span><span class="p">)</span> </code></pre> </div> <p>Next we need to map these views to paths. We do this in <code>mysite/mysite/urls.py</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.urls</span> <span class="kn">import</span> <span class="n">path</span> <span class="kn">import</span> <span class="n">authme</span> <span class="n">urlpatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="nf">path</span><span class="p">(</span><span class="sh">''</span><span class="p">,</span> <span class="n">authme</span><span class="p">.</span><span class="n">views</span><span class="p">.</span><span class="n">landing</span><span class="p">),</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">home</span><span class="sh">'</span><span class="p">,</span> <span class="n">authme</span><span class="p">.</span><span class="n">views</span><span class="p">.</span><span class="n">home</span><span class="p">),</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">login_success</span><span class="sh">'</span><span class="p">,</span> <span class="n">authme</span><span class="p">.</span><span class="n">views</span><span class="p">.</span><span class="n">login_success</span><span class="p">),</span> <span class="nf">path</span><span class="p">(</span><span class="sh">'</span><span class="s">logout</span><span class="sh">'</span><span class="p">,</span> <span class="n">authme</span><span class="p">.</span><span class="n">views</span><span class="p">.</span><span class="n">logout</span><span class="p">),</span> <span class="p">]</span> </code></pre> </div> <p>The app need to be able to access <code>mysite/authme/views.py</code> from <code>mysite/mysite/urls.py</code>. Add this line to <code>mysite/authme/__init__.py</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">.</span> <span class="kn">import</span> <span class="n">views</span> </code></pre> </div> <p>Lastly we need a page for this authentication to render to. The way we make pages in Django is by creating a templates folder with html pages. Since <code>authme.view.home</code> is routing to <code>&lt;base url&gt;/home</code>, we need to call our page <code>mysite/templates/home.html</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span><span class="nt">&gt;</span> <span class="nt">&lt;meta</span> <span class="na">name=</span><span class="s">"viewport"</span> <span class="na">content=</span><span class="s">"width=device-width, initial-scale=1"</span><span class="nt">&gt;</span> <span class="nt">&lt;style&gt;</span> body,h1,h2,h3,h4,h5,h6 {font-family: "Lato", sans-serif;} body, html { height: 100%; color: #b47b00; line-height: 1.8; background-color: antiquewhite; } table { margin: 0px auto; background-color: white; padding: 25px; } tr { font-family: Verdana, Tahoma, sans-serif; font-size: 20px; color: #rgb(158, 108, 0); } td { padding: 2px; } <span class="nt">&lt;/style&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="c">&lt;!-- Navbar (sit on top) --&gt;</span> <span class="nt">&lt;div&gt;</span> <span class="nt">&lt;a</span> <span class="na">href=</span><span class="s">"logout"</span><span class="nt">&gt;</span>LOGOUT<span class="nt">&lt;/a&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="c">&lt;!-- Navbar (sit on top) --&gt;</span> <span class="nt">&lt;h1</span> <span class="na">style=</span><span class="s">"text-align: center;"</span><span class="nt">&gt;</span>You are logged in!<span class="nt">&lt;/h1&gt;</span> <span class="nt">&lt;table&gt;</span> <span class="nt">&lt;tr&gt;</span> <span class="nt">&lt;td&gt;</span>ID:<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;td&gt;</span>{{ user.id }}<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;/tr&gt;</span> <span class="nt">&lt;tr&gt;</span> <span class="nt">&lt;td&gt;</span>Email:<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;td&gt;</span>{{ user.email }}<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;/tr&gt;</span> <span class="nt">&lt;tr&gt;</span> <span class="nt">&lt;td&gt;</span>First Name:<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;td&gt;</span>{{ user.first_name }}<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;/tr&gt;</span> <span class="nt">&lt;tr&gt;</span> <span class="nt">&lt;td&gt;</span>Last Name:<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;td&gt;</span>{{ user.last_name }}<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;/tr&gt;</span> <span class="nt">&lt;tr&gt;</span> <span class="nt">&lt;td&gt;</span>Last Login:<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;td&gt;</span>{{ user.last_login }}<span class="nt">&lt;/td&gt;</span> <span class="nt">&lt;/tr&gt;</span> <span class="nt">&lt;/table&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <h3> Step 4: Add Redirect and Enable Passkeys in Pangea console </h3> <p>We need to add an authorized redirect, so that Pangea’s AuthN hosted pages can successfully redirect us back to the <a href="http://127.0.0.1:8000/home">http://127.0.0.1:8000/home</a> when a user is done authenticating.</p> <p>So first, let’s go under <code>General &gt; Redirect (Callback) Settings</code> and add <a href="http://127.0.0.1:8000/home">http://127.0.0.1:8000/home</a> as a redirect and save it.</p> <p>Here comes the last step, let’s enable Passkeys! Head over to <code>Single Sign On &gt; Passkeys</code> and enable it. Optionally you can choose to enable fallback authentication options based on your desired user experience.</p> <p>Here’s a quick video on how you can enable it in settings:</p> <p>Let's try it out! You can find the <a href="https://github.com/pangeacyber/pangea-django-authn-app">code in Github</a> and watch the demo below.</p> <p>If you are looking to add AuthN to other languages or frameworks, follow these tutorials:</p> <ul> <li><p><a href="https://pangea.cloud/blog/add-passkeys-to-reactjs-in-2mins/">React.js</a></p></li> <li><p><a href="https://pangea.cloud/blog/add-login-with-passkeys-to-nextjs-in-2-mins/">Next.js (page-router mode)</a></p></li> </ul>