Multi-factor authentication is a must-have feature in any modern web application, especially with support for both TOTP (think applications on a phone) and FIDO2 (say, YubiKeys). I created a small Django demo, mfaforgood, which shows how to enable both.
I am using django-mfa3 for all the hard work, specifically from a PR branch from my friend Giuseppe De Marco.
I also fetched the cbor-js package into the repository so that hardware tokens for FIDO2 work. I hope this example will help you add MFA support to your Django application.
Major points of the code
- Adding example templates from MFA project, with `admin` theme and adding `cbor-js` to the required templates.
- Adding `mfa` to `INSTALLED_APPS`.
- Adding `mfa.middleware.MfaSessionMiddleware` to `MIDDLEWARE`.
- Adding `MFA_DOMAIN` and `MFA_SITE_TITLE` to `settings.py`.
- Also adding `STATICFILES_DIRS`.
- Adding `mfa.views.MFAListView` as the Index view of the application.
- Also adding `mfa` URLs.
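A settings audit for the points listed above, as an added example that is not part of the mfaforgood demo or of django-mfa3. The function name, the sample dictionaries and two of the checks are assumptions of this sketch: the MFA middleware is assumed to need `request.user` (so it must follow Django's authentication middleware), and `MFA_DOMAIN` is assumed to be used as the WebAuthn relying-party ID, which has to be a bare domain.

```python
AUTH_MW = "django.contrib.auth.middleware.AuthenticationMiddleware"
MFA_MW = "mfa.middleware.MfaSessionMiddleware"


def audit_mfa_settings(cfg):
    """Return a list of problems found in a dict of Django settings."""
    problems = []
    if "mfa" not in cfg.get("INSTALLED_APPS", []):
        problems.append("'mfa' missing from INSTALLED_APPS")

    middleware = list(cfg.get("MIDDLEWARE", []))
    if MFA_MW not in middleware:
        problems.append(f"{MFA_MW} missing from MIDDLEWARE")
    elif AUTH_MW not in middleware or middleware.index(MFA_MW) < middleware.index(AUTH_MW):
        # Assumption: the MFA middleware reads request.user, so it runs after auth.
        problems.append(f"{MFA_MW} must come after {AUTH_MW}")

    domain = cfg.get("MFA_DOMAIN", "")
    if not domain:
        problems.append("MFA_DOMAIN is not set")
    elif "/" in domain or ":" in domain:
        # Assumption: used as the WebAuthn RP ID, so no scheme, port or path.
        problems.append("MFA_DOMAIN must be a bare host name")

    if not cfg.get("MFA_SITE_TITLE"):
        problems.append("MFA_SITE_TITLE is not set")
    if not cfg.get("STATICFILES_DIRS"):
        # Assumption: the vendored cbor-js file lives in a directory listed here.
        problems.append("STATICFILES_DIRS is empty")
    return problems


# Constructed sample settings, not taken from the demo repository.
GOOD = {
    "INSTALLED_APPS": ["django.contrib.auth", "mfa"],
    "MIDDLEWARE": ["django.contrib.sessions.middleware.SessionMiddleware", AUTH_MW, MFA_MW],
    "MFA_DOMAIN": "localhost",
    "MFA_SITE_TITLE": "MFA demo",
    "STATICFILES_DIRS": ["static"],
}
BAD = {
    "INSTALLED_APPS": ["django.contrib.auth"],
    "MIDDLEWARE": [MFA_MW, AUTH_MW],
    "MFA_DOMAIN": "https://localhost:8000",
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_mfa_settings(cfg) or "ok")
```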
After logging in for the first time, one can enable MFA on the following screen.