Open sserrano44 opened 9 years ago
I've been thinking of a modular approach to django-two-factor-auth. Currently there's support for phone numbers (pluggable provider, Twillio by default), apps (QR code) and yubikeys. However there are more providers of token generators, and I don't intent on implementing them all. However a generic package to support them all would be nice to have. u2f could then be provided as an add-on token module.
If you want to support u2f in the short term, have a look at how yubikeys are currently implemented. I would suggest taking the same approach for u2f.
I'm working on this. The (INSECURE, DO NOT USE it as is) proof of concept is https://github.com/moreati/django-two-factor-auth/commit/a44ac2309bc04161ba107bcc73269c4815267fb1
I plan on contributing to this. Just did my own implementation and it worked! Until then, why not rename internal functions from "Yubikey" to U2F? YubiKey is my favorite provider of U2F tokens, but U2F is a standard.
Is there any progress made in the last year+? Will this feature be integrated?
Is this still wanted now that we have webauthn as a plugin?
I would be great to integrate: https://github.com/gavinwahl/django-u2f
What would it take?