netbox-community / netbox

The premier source of truth powering network automation. Open source under Apache 2. Try NetBox Cloud free: https://netboxlabs.com/free-netbox-cloud/
http://netboxlabs.com/oss/netbox/
Apache License 2.0

WebAuthn/FIDO2 Support for authentication through Netbox #6424

Closed dudeisbrendan03 closed 3 years ago

dudeisbrendan03 commented 3 years ago

NetBox version

v2.11.2

Feature type

New functionality

Proposed functionality

An implementation of WebAuthn.

This would alter the login workflow by requesting a second factor of authentication from built-in device keys (Android 10+), Windows Hello and FIDO2 security keys, or alternatively replace passwords altogether (the idea behind the Web Authentication API).

WebAuthn is now supported across all major browsers, and libraries are already readily available to implement the API in Django.

Use case

FIDO2/the WebAuthn API would be beneficial for users by introducing another layer of security, or an alternative to traditional password-based logins.

This would improve the general security of user accounts in Netbox.

Database changes

A simplified, vague idea of changes which may be made:

External dependencies

webauthn; implementations already exist in Python and are ready for Django, e.g. https://github.com/duo-labs/py_webauthn

jeremystretch commented 3 years ago

Please provide more detail in your post above. Your proposed implementation should explain what WebAuthn is, what benefits it would bring to NetBox, what implications it has on the current authentication scheme, potential barriers to implementation, etc. The more detail you provide, the greater chance this has of being worked on.

sdktr commented 3 years ago

I'd prefer to handle auth methods outside netbox. Preferably with one good SSO implementation through OIDC. The external auth provider can handle a wide range of authentication options and fancy conditional access policies etc.

jeremystretch commented 3 years ago

Closing this out as there hasn't been any further detail provided.