| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 1116 |
| Technical Name |
user_face_login |
| License | LGPL-3 |
| Website | https://github.com/Ahmed220180093/odoo-face-login |
| Versions | 17.0 18.0 19.0 |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 1116 |
| Technical Name |
user_face_login |
| License | LGPL-3 |
| Website | https://github.com/Ahmed220180093/odoo-face-login |
| Versions | 17.0 18.0 19.0 |
Face Login for Odoo 18
Sign in to Odoo with just your webcam â no password needed
What you get
Drop-in face authentication
After installing, the standard Odoo login page picks up a new Sign in with Face button below the email and password fields. Click it, look at the webcam, and you are signed in.
No server changes, no Python dependencies to install. The face recognition runs in the browser using face-api.js; only a 128-d encoding is sent to the server, never the camera feed.
Liveness challenge
Before the encoding is accepted, the user is asked to briefly turn their head left or right. This stops the trivial printed-photo attack â a flat picture cannot move.
Liveness is enabled by default and can be toggled from Settings.
How it looks
Per-user opt-in
Face login is enabled per user. Open any user's form (Settings → Users → pick a user), go to the new Face Login tab, tick "Face Login Enabled" and click "Capture / Add Sample".
The capture dialog grabs 5 face samples in a few seconds. You can come back later and add more samples â for example in different lighting â to make matching more robust.
Admin accounts are not enrolled by default â they keep using the regular login, so a broken webcam cannot lock you out of the system.
Security & honest tradeoffs
What this is good for
- Faster sign-in on workstations with a webcam
- Light-coverage internal tools and dashboards
- Setups where typing passwords slows people down
- Demos and trials
Honest limitations
- Face only = weaker than face + password. A determined attacker with a sharp video can fool any webcam-only system, including this one.
- Identical twins / very close look-alikes may both authenticate. The module refuses ambiguous matches but cannot disambiguate truly identical encodings.
- Low-light environments increase false-rejection rates; keep your face well lit during enrolment.
- Camera privacy shutters and disabled cameras will break the flow â the standard password form is always available as a fallback.
Built-in safeguards
Ambiguity refusal
If two enrolled users score within a configurable distance of each other, the module refuses to authenticate either â protecting against twins and look-alikes.
Rate limiting
Per-IP cooldown between attempts (default 2 seconds) blunts naive brute-force and replay scripts.
One-shot tokens
Authentication uses single-use, short-lived tokens bound to the user id. They live for 10 seconds in worker memory and are immediately consumed on use.
Configurable from Settings
Settings → Face Login lets you adjust:
- Face Match Threshold â lower is stricter (recommended 0.50 - 0.60).
- Ambiguity Gap â minimum distance between best and second-best matches required to accept either.
- Require Liveness â turn the head-turn challenge on or off.
- Rate Limit â seconds between attempts from the same IP.
Requirements
- Odoo 18 (Community or Enterprise)
- HTTPS deployment or access via
http://localhostâ browsers only grant camera access in secure contexts. - A working webcam on every machine where users will sign in.
- Modern browser (Chrome 90+, Firefox 90+, Edge 90+). Safari is supported on macOS 14+.
- Internet access to the jsDelivr CDN on first load (~1.2 MB for face-api.js and the model weights), or self-host the library â see README for instructions.
Support
Bug reports, feature requests and questions are welcome. Please include your Odoo version, browser, and a short description of the steps that triggered the issue.
Please log in to comment on this module