BMAuth

A production-grade passwordless authentication framework for FastAPI built on WebAuthn/FIDO2. The system replaces passwords with device-bound public-key credentials, adds an email PIN as a second verification layer, and provides a pluggable storage architecture (Supabase/Postgres backend) together with cross-device authentication and recovery flows.

October 2025 - Present

The Challenge

Password-based authentication remains the weakest link in application security: credential stuffing, phishing and brute force against passwords are among the most common causes of account compromise. Implementing WebAuthn/FIDO2 authentication correctly is complex, requiring an understanding of the registration and assertion ceremonies and their verification steps, cross-device flows, and recovery mechanisms. Most developers lack the expertise or time to implement secure passwordless authentication from scratch.

The Solution

Created a production-grade passwordless authentication framework for FastAPI that removes the password, and with it the password-based attack vectors, from the application. The system implements WebAuthn/FIDO2 registration and authentication with device-bound public-key credentials, adds a second verification layer with an email PIN, and uses a pluggable storage architecture supporting Supabase/Postgres backends. Published to PyPI for zero-config integration with any FastAPI application.

Technical Highlights

  • Implemented WebAuthn/FIDO2 registration and authentication with device-bound public-key credentials; the biometric check happens on the user's device and the server verifies only the signed assertion, so it never stores a password or biometric data
  • Developed pluggable storage architecture with Supabase/Postgres backend and automatic database schema generation
  • Built multi-layer verification that adds an email-delivered one-time PIN on top of the device's user-verification step
  • Engineered cross-device authentication via QR-based biometric verification and secure account recovery flows
  • Published to PyPI with comprehensive documentation enabling zero-config integration with any FastAPI application
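The server-side half of the first highlight, as an added example that is not BMAuth's code and does not use its API: a relying party verifies a WebAuthn authentication assertion by checking the challenge, the origin, the RP ID hash, the user-verified flag and the signature counter before verifying the ECDSA signature against the public key stored at registration. It assumes the `cryptography` package; `RP_ID`, `ORIGIN`, the `Authenticator` stand-in and the scenario names are constructed for this example.

```python
"""Relying-party checks on a WebAuthn authentication assertion.
Added example, not BMAuth's code. Assumes the `cryptography` package; RP_ID,
ORIGIN and the Authenticator stand-in are constructed for the demo."""
import base64, hashlib, hmac, json, os, struct
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

RP_ID = "example.com"           # assumed relying party ID
ORIGIN = "https://example.com"  # assumed origin the browser must report
FLAG_UP = 0x01                  # authenticatorData flag: user present
FLAG_UV = 0x04                  # authenticatorData flag: user verified (biometric/PIN)
RP_ID_HASH = hashlib.sha256(RP_ID.encode()).digest()


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def new_challenge() -> bytes:
    return os.urandom(32)  # kept server-side for exactly one login attempt


class Authenticator:
    """Stand-in for a platform authenticator: device-bound P-256 key plus counter."""

    def __init__(self):
        self.key = ec.generate_private_key(ec.SECP256R1())
        self.sign_count = 0

    def sign(self, origin: str, challenge: bytes, user_verified: bool = True) -> dict:
        # In a browser the origin and challenge come from the user agent, not the page.
        self.sign_count += 1
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
        ).encode()
        flags = FLAG_UP | (FLAG_UV if user_verified else 0)
        auth_data = RP_ID_HASH + bytes([flags]) + struct.pack(">I", self.sign_count)
        sig = self.key.sign(auth_data + hashlib.sha256(client_data).digest(),
                            ec.ECDSA(hashes.SHA256()))
        return {"client_data": client_data, "authenticator_data": auth_data, "signature": sig}


class Credential:
    """What the server keeps after registration: the public key and the last counter."""

    def __init__(self, public_key):
        self.public_key = public_key
        self.sign_count = 0


def verify_assertion(cred: Credential, expected_challenge: bytes, resp: dict,
                     require_uv: bool = True) -> tuple:
    """Return (ok, reason); the order follows the WebAuthn assertion verification steps."""
    cd = json.loads(resp["client_data"])
    if cd.get("type") != "webauthn.get":
        return False, "type"
    # A stale or reused challenge means the assertion is being replayed.
    if not hmac.compare_digest(cd.get("challenge", ""), b64url(expected_challenge)):
        return False, "challenge"
    # Origin binding: an assertion produced for a look-alike site is rejected.
    if cd.get("origin") != ORIGIN:
        return False, "origin"
    ad = resp["authenticator_data"]
    if len(ad) < 37 or not hmac.compare_digest(ad[:32], RP_ID_HASH):
        return False, "rpIdHash"
    flags = ad[32]
    if not flags & FLAG_UP:
        return False, "up"
    if require_uv and not flags & FLAG_UV:
        return False, "uv"  # no biometric/PIN gesture happened on the device
    count = struct.unpack(">I", ad[33:37])[0]
    # A counter that did not increase points to a replay or a cloned authenticator.
    if (count or cred.sign_count) and count <= cred.sign_count:
        return False, "counter"
    try:
        cred.public_key.verify(resp["signature"], ad + hashlib.sha256(resp["client_data"]).digest(),
                               ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        return False, "signature"
    cred.sign_count = count
    return True, "ok"


def run_scenarios() -> dict:
    """A genuine login plus the failure modes the checks above exist to catch."""
    auth = Authenticator()
    cred = Credential(auth.key.public_key())  # registration stores the public key only
    ch = new_challenge()
    resp = auth.sign(ORIGIN, ch)
    results = {"genuine": verify_assertion(cred, ch, resp),
               "replayed": verify_assertion(cred, ch, resp)}
    ch2 = new_challenge()
    results["wrong_origin"] = verify_assertion(cred, ch2, auth.sign("https://login-example.test", ch2))
    results["no_uv"] = verify_assertion(cred, ch2, auth.sign(ORIGIN, ch2, user_verified=False))
    results["stale_challenge"] = verify_assertion(cred, new_challenge(), auth.sign(ORIGIN, ch2))
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The biometric never leaves the device: the server sees only the UV flag and a signature it can check against the stored public key. The origin check is what makes the credential phishing-resistant, the counter check is what catches a replayed assertion or a cloned authenticator, and a deployment also discards the stored challenge after one use so the same assertion cannot be presented twice.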

Key Results & Impact

Removes the password-based attack surface: with no password to stuff, guess or phish, credential stuffing and brute force no longer apply, and WebAuthn's origin binding makes the device assertion phishing-resistant; the email PIN and account recovery flows are the remaining channels an attacker can target and need expiry and attempt limits
Achieves zero-config integration through PyPI package with automatic schema generation
Supports cross-device authentication via secure QR-based biometric verification
Provides pluggable storage supporting both Supabase and direct PostgreSQL connections
Delivers production-ready security framework with comprehensive account recovery mechanisms
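The email PIN is the one layer here that an attacker can phish or guess, so it needs controls the WebAuthn assertion does not. The following is an added example, not BMAuth's implementation: a PIN store that keeps only a salted hash of the PIN, expires it, allows a single use, and locks the record after a fixed number of wrong guesses. `PinStore`, `PIN_TTL_SECONDS`, `MAX_ATTEMPTS` and the injectable clock are assumptions made for the example.

```python
"""Email one-time PIN as the second verification layer.
Added example, not BMAuth's code: PinStore, PIN_TTL_SECONDS, MAX_ATTEMPTS and
the injectable clock are assumptions made for the demo."""
import hmac
import secrets
import time

PIN_DIGITS = 6
PIN_TTL_SECONDS = 300   # a PIN is only worth guessing for five minutes
MAX_ATTEMPTS = 5        # 5 guesses out of 1,000,000: the lockout is the real defence


def _hash_pin(salt: bytes, pin: str) -> bytes:
    # Hashing does not make a 6-digit PIN unguessable; it keeps a leaked row from being usable as-is.
    return hmac.new(salt, pin.encode(), "sha256").digest()


class PinStore:
    """In-memory PIN records keyed by user id; a deployment would keep these in the database."""

    def __init__(self, now=time.time):
        self.now = now
        self.records = {}

    def issue(self, user_id: str) -> str:
        """Create a PIN to email to the user; only its salted hash and expiry are kept."""
        pin = "".join(secrets.choice("0123456789") for _ in range(PIN_DIGITS))
        salt = secrets.token_bytes(16)
        self.records[user_id] = {"salt": salt, "hash": _hash_pin(salt, pin),
                                 "expires": self.now() + PIN_TTL_SECONDS, "attempts": 0}
        return pin

    def verify(self, user_id: str, candidate: str) -> tuple:
        """Return (ok, reason). Every outcome except 'mismatch' invalidates the record."""
        rec = self.records.get(user_id)
        if rec is None:
            return False, "no_pin"
        if self.now() > rec["expires"]:
            del self.records[user_id]
            return False, "expired"
        if rec["attempts"] >= MAX_ATTEMPTS:
            del self.records[user_id]   # the user must request a fresh PIN
            return False, "locked"
        rec["attempts"] += 1
        if hmac.compare_digest(_hash_pin(rec["salt"], candidate), rec["hash"]):
            del self.records[user_id]   # single use
            return True, "ok"
        return False, "mismatch"


def run_pin_scenarios() -> dict:
    """Drive the store with a fake clock so expiry is deterministic."""
    clock = [1_000_000.0]
    store = PinStore(now=lambda: clock[0])
    results = {}
    pin = store.issue("alice")
    wrong = "000000" if pin != "000000" else "111111"
    results["wrong_then_right"] = (store.verify("alice", wrong), store.verify("alice", pin))
    results["reuse"] = store.verify("alice", pin)
    pin = store.issue("alice")
    clock[0] += PIN_TTL_SECONDS + 1
    results["expired"] = store.verify("alice", pin)
    pin = store.issue("bob")
    wrong = "000000" if pin != "000000" else "111111"
    for _ in range(MAX_ATTEMPTS):
        store.verify("bob", wrong)
    results["locked_even_if_correct"] = store.verify("bob", pin)
    return results


if __name__ == "__main__":
    print(run_pin_scenarios())
```

The attempt counter lives with the PIN record rather than with the request, so spreading guesses across connections does not help; a deployment also rate-limits how often a new PIN can be issued for the same account, since deleting a locked record otherwise lets an attacker restart the guess budget by requesting another PIN.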

Business Impact

BMAuth makes enterprise-grade passwordless authentication accessible to every FastAPI developer. By abstracting the complexity of WebAuthn/FIDO2 implementation, the framework enables rapid deployment of biometric authentication that meets modern security standards. The project demonstrates expertise in cryptographic protocols, security architecture, and Python package development for the open-source community.

Key Achievements

Built production-grade WebAuthn/FIDO2 biometric auth framework eliminating password-based attack vectors
Developed pluggable storage architecture with Supabase/Postgres backend and automatic schema generation
Implemented multi-layer verification combining device biometrics with email PIN verification
Designed cross-device authentication via QR-based biometric verification and secure account recovery
Published to PyPI enabling zero-config integration with any FastAPI application
