I'm a hobbyist coder and am trying to learn Passkey authentication. I got an API key from Yubico, and was trying to test it using Python and Flask. For some reason though, every time I click the YubiKey and have the code entered in an input box, it always comes out as invalid. I double-checked on the demo.yubikey.com and all the text generated by the YubiKey is valid, so I'm stuck.
Here is my code:
```python
from flask import Flask, request, render_template
from yubico_client.yubico import Yubico
from dotenv import load_dotenv
import os

load_dotenv()
app = Flask(__name__)


def validate_passkey(passkey):
    # Credentials are read from the environment (populated by load_dotenv())
    client_id = os.getenv('YUBICO_CLIENT_ID')
    secret_key = os.getenv('YUBICO_SECRET_KEY')
    client = Yubico(client_id, secret_key)
    try:
        return client.verify(passkey)
    except Exception:
        # Any exception raised during verification is reported as invalid
        return False


@app.route('/', methods=['GET', 'POST'])
def login():
    error = None
    if request.method == 'POST':
        passkey = request.form.get('passkey')
        if validate_passkey(passkey):
            return 'Logged in!'
        else:
            error = '❌ Invalid passkey'
    return render_template('secure login login.html', error=error)


if __name__ == '__main__':
    app.run(debug=True)
```
And I have a very simple HTML form to take the input from the YubiKey:
```html
<form method="POST">
    <input type="text" name="passkey" placeholder="Enter your YubiKey passkey">
    <input type="submit" value="Login">
</form>
{% if error %}
    <p class="error">{{ error }}</p>
{% endif %}
```
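An added example, not part of the original post: a format pre-check for the Yubico OTP string the form submits, so that malformed input can be told apart from a rejection by the validation service, two cases the post's `except Exception: return False` reports identically. The name `precheck_otp` and the sample OTP are constructed for illustration; the modhex alphabet and the 32-to-48 character length are those of the Yubico OTP format.

```python
MODHEX = "cbdefghijklnrtuv"   # Yubico OTP alphabet, chosen to survive keyboard layouts
HEX = "0123456789abcdef"
TOKEN_LEN = 32                # encrypted part: always the last 32 characters
MAX_ID_LEN = 16               # public ID prefix: 0 to 16 characters (12 by default)

# Constructed sample: 12-character public ID + 32-character token (not a real OTP)
SAMPLE_OTP = "vvcccccbdefg" + "cbdefghijklnrtuv" * 2


def modhex_to_hex(text):
    """Translate a modhex string to its hexadecimal equivalent."""
    return text.translate(str.maketrans(MODHEX, HEX))


def precheck_otp(raw):
    """Classify a submitted OTP string without contacting any server."""
    if raw is None or not raw.strip():
        return {"ok": False, "reason": "empty"}
    otp = raw.strip()  # the key sends Enter after the OTP; drop stray whitespace
    bad = sorted(set(otp) - set(MODHEX))
    if bad:
        # Typical causes: Caps Lock, or an OS keyboard layout that remaps the keys
        return {"ok": False, "reason": "non_modhex", "chars": "".join(bad)}
    if not TOKEN_LEN <= len(otp) <= TOKEN_LEN + MAX_ID_LEN:
        return {"ok": False, "reason": "bad_length", "length": len(otp)}
    public_id = otp[:-TOKEN_LEN]
    return {
        "ok": True,
        "reason": "well_formed",
        "public_id": public_id,
        "public_id_hex": modhex_to_hex(public_id),
    }


if __name__ == "__main__":
    # Constructed inputs covering each outcome
    for candidate in (SAMPLE_OTP, SAMPLE_OTP + "\n", SAMPLE_OTP.upper(),
                      SAMPLE_OTP[:20], "", None):
        print(repr(candidate), "->", precheck_otp(candidate))
```

A `well_formed` result only means the string has the shape of a Yubico OTP; whether it is accepted is still decided by the validation service.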