Welcome to the webauthn-rp docs! Here you’ll find an autogenerated reference to the code as well as tutorials on how to get started with the library. The aim of this project is to enable Relying Parties to easily use public key credentials in Python backend web applications. Support is only for Python 3.x considering that Python 2.x reached its end of life in early 2020. This allows for the use of many features of Python 3 such as built-in type hinting and static type checking with mypy.
You can integrate this library into any backend web framework by implementing an interface that abstracts the operations that you’ll need to perform as a public key credential registrar (explained in more detail in the “Server Configuration” page).
The general flow diagram for web authentication is shown in the diagrams below (from the spec):
In the case of registration, the Relying Party server must send a challenge along with information about the user that is to be registered and the specific Relying Party to which that user is associated. This library is meant to aid in the generation of messages used in step 1 and the validation performed in step 6. Steps 0 and 5 are typically handled by an application-specific client library while the routing and parsing operations of steps 1 and 6 will need to be managed by the application-specific backend although some utilities are provided. Steps 2, 3, and 4, however, are completely managed by the browser and authenticator and are not part of this library. In fact, they are mostly covered by a different specification (the Client To Authenticator Protocol, or CTAP).
Authentication is very much like registration, however some of the message formats are different and consequently the parsing and validation operations as well. The steps and how they are handled mirror those of the registration flow.
View the full specification for more detail.