django-allauth: Help needed testing Passkeys

The upcoming support for WebAuthn (including Passkeys) within django-allauth has reached a point where early feedback would be incredibly valuable. If you would like to help out, this is what you could do:

If you find anything out of the ordinary, please file an issue over at Issues · pennersr/django-allauth · GitHub

With your help, progress towards getting this in a release will be faster.


1 Like

This is very exciting, I’m eager to smoke test the demos! However, is use of a valid email required for the demos? My first inclination was to use “” as an email just to get through account registration, but then I’m asked to “verify my email address.” These are clearly throwaway account credentials and passkeys being demonstrated, can the email address verification be made optional for the demos?

Alas, that would would not work very well. For example, turning on 2FA for accounts with unverified email addresses is something allauth prohibits, as that would result in an attack vector that can be abused. For example, consider a service where a hacker signs up using your email. Obviously, (s)he cannot not verify the email, but if 2FA is turned on you are effectively locked out of your account…

You can use a temp email address for example from this service: