This project offers a revolutionary approach to passwordless authentication by providing an IDP. Our main contributions in the mentioned work include - providing novel approaches to biometric such as facial & voice verification, collecting only a single facial image or voice recording to register a user and verify them later. The data is stored on the server as embeddings rather than conventional methods such as actual images or voice recordings for privacy concerns, token based authentication using personal devices as well as fido authentication methods.
The above project has been made with python v3.9 and would best work with it.
Create a virtual environment
python -m venv <environment name>
<environment name>\Scripts\activate
Clone the repo
https://github.com/JeevikaK/PasswordlessAuth.git
cd PasswordlessAuth
Install Requirements
pip install -r requirements.txt
Install ffpeg software from the link below, unzip it and install and then add it to path variables. (A restart maybe required)
https://www.gyan.dev/ffmpeg/builds/ffmpeg-git-full.7z
Run the server
cd server
uvicorn passwordless_authentication.asgi:application --reload --port 8000 --host localhost
Run the web client
cd reactapp
npm install
npm start
Build the app
cd flutter_app/example
run flutter pub get .
// Start your virtual device or connect your mobile phone.
adb reverse tcp:8000 tcp:8000
// Start debugging your app
Our IDP is directed towards Developers. The current usage shown below is using the django framework, but the code can be replicated for flask framework as well (Python based frameworks as of now).
Create a django project and app
django-admin startproject sampleproject
cd sampleproject
py manage.py startapp sampleapp
Copy the folder PasswordlessAuth/noPass
in sampleproject
(we will provide it as a Pypi package in future).
cd noPass
pip install -r requirements.text
cd ..
py registerApp --create 'Sample App' --redirect_link localhost:5000/callback
Paste the app_id
and app_secret
from the output of command in step 3 in sampleproject/settings.py
by creating a configuration or in sampleapp/views.py
. We will demonstrate through the latter case.
Initialise your app in sampleapp/views.py
from nopass.main import *
APP_ID = '<YOUR APP ID>'
APP_SECRET = '<YOUR APP SECRET>'
npass = NoPass(APP_ID, APP_SECRET)
Define and Initialise App routes for authentication in sampleapp/views.py
def signup(request):
return npass.sign_up()
def login(request):
return npass.log_in()
#important: This is where you recieve user data.
def callback(request):
user = npass.get_user(request)
request.session['user'] = user
return redirect('index')
def logout(request):
request.session['user'] = None
return redirect('index')
Define endpoints in anchor tags in sampleapp\templates\sampleapp\index.html
or any of your corresponding webpages.
<a href="{% url 'logout' %}" class="btn btn-warning mx-5" role="button">Log out</a>
<a href="{% url 'signup' %}" class="btn btn-secondary mx-5" role="button">Sign up</a>
<a href="{% url 'login' %}" class="btn btn-info mx-5" role="button" >Log in</a>
Run the sampleapp
py manage.py runserver 5000
- Django Rest Framework (Python)
- Sqlite
- Tensorflow
- Pytorch
- Core packages -
keras-facenet, resemblyzer, cryptography
- External apis -
webauthn
- Liveliness Detection - https://github.com/computervisioneng/Silent-Face-Anti-Spoofing (Tweaked source code to our needs)
- QR Code Scanner - https://github.com/contactlutforrahman/flutter_qr_bar_scanner
- Web - ReatJS (HTML, CSS, JS)
- App - Flutter (Dart)
- Nodemcu ESP8266
- AD8232 ECG Monitor sensor
- ffmpeg
- A Single IDP plaform that provides multiple authentication services - all passwordless, especially biometrics. (novel)
- Ease of authentication in foreign devices.
- Support for legacy devices – PCs which don’t support BT & WiFi/webcam & recorder - Inapp authentication (novel)
- Increased privacy because embeddings are stored instead of actual data, thus complying with gdpr rules.
- Recovery and single Sign-on mechanism. Normally passwordless authentication methods do not provide the above, we overcome this issue too.
- The IDP can be integrated in the development application in a small and simple number of steps unlike other solutions