Authentication and Registration in Django Rest Framework
Project description
dj-rest-auth
Secure drop-in authentication endpoints for Django REST Framework. Works seamlessly with SPAs and mobile apps.
Features
- Login, logout, password change, password reset
- User registration with email verification
- Built-in MFA/2FA support (TOTP + recovery codes)
- JWT authentication with HTTP-only cookies
- Social auth (Google, GitHub, Facebook) via django-allauth
- Fully customizable serializers
Architecture
```mermaid
flowchart LR
    Client[Client<br/>React / Vue / Mobile]
    subgraph Django
        subgraph dj-rest-auth
            Auth[Login / Logout]
            Reg[Registration]
            PW[Password Reset]
        end
        DRF[Django REST Framework]
        DJAuth[django.contrib.auth]
        AA[django-allauth]
        JWT[simplejwt]
    end
    Client <--> dj-rest-auth
    Auth --> DRF
    Auth --> DJAuth
    Auth -.-> JWT
    Reg -.-> AA
    PW --> DJAuth
```
Quick Start
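```
pip install dj-rest-auth
```

```python
# settings.py
INSTALLED_APPS = [
    ...,
    'rest_framework',
    'rest_framework.authtoken',  # token model used by the default login endpoint
    'dj_rest_auth',
]

# urls.py
from django.urls import include, path

urlpatterns = [
    # Mounts login, logout, user and password endpoints under /auth/
    path('auth/', include('dj_rest_auth.urls')),
]
```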
You now have:
| Endpoint | Method | Description |
|---|---|---|
| /auth/login/ | POST | Obtain auth token |
| /auth/logout/ | POST | Revoke token |
| /auth/user/ | GET, PUT | User details |
| /auth/password/change/ | POST | Change password |
| /auth/password/reset/ | POST | Request reset email |
| /auth/password/reset/confirm/ | POST | Confirm reset |
JWT with HTTP-only Cookies
```
pip install dj-rest-auth djangorestframework-simplejwt
```

```python
# settings.py
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'dj_rest_auth.jwt_auth.JWTCookieAuthentication',
    ],
}

REST_AUTH = {
    'USE_JWT': True,
    'JWT_AUTH_COOKIE': 'access',
    'JWT_AUTH_REFRESH_COOKIE': 'refresh',
    'JWT_AUTH_HTTPONLY': True,
}
```
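A settings check for the cookie configuration above, added here as an example and not part of dj-rest-auth. The values in `DEFAULTS` are assumed from the project's configuration documentation, and the function name and the `HARDENED` values are illustrative.

```python
# Added example: audit a REST_AUTH dict for JWT cookie hardening.
# DEFAULTS are assumed from the dj-rest-auth configuration docs; verify
# them against the release you deploy.
DEFAULTS = {
    "USE_JWT": False,
    "JWT_AUTH_COOKIE": None,
    "JWT_AUTH_REFRESH_COOKIE": None,
    "JWT_AUTH_HTTPONLY": True,
    "JWT_AUTH_SECURE": False,
    "JWT_AUTH_SAMESITE": "Lax",
    "JWT_AUTH_COOKIE_USE_CSRF": False,
}


def audit_jwt_cookie_settings(rest_auth):
    """Return (setting, finding) pairs for weak JWT cookie options."""
    cfg = {**DEFAULTS, **rest_auth}
    if not cfg["USE_JWT"]:
        return []  # JWT support is off, so no JWT cookies are issued
    if not (cfg["JWT_AUTH_COOKIE"] or cfg["JWT_AUTH_REFRESH_COOKIE"]):
        return []  # no cookie names configured: tokens travel in the body
    findings = []
    if not cfg["JWT_AUTH_HTTPONLY"]:
        findings.append(("JWT_AUTH_HTTPONLY", "cookie is readable by page JavaScript"))
    if not cfg["JWT_AUTH_SECURE"]:
        findings.append(("JWT_AUTH_SECURE", "cookie can be sent over plain HTTP"))
    samesite = str(cfg["JWT_AUTH_SAMESITE"] or "None").capitalize()
    if samesite == "None":
        findings.append(("JWT_AUTH_SAMESITE", "cookie is attached to cross-site requests"))
    if not cfg["JWT_AUTH_COOKIE_USE_CSRF"]:
        findings.append(("JWT_AUTH_COOKIE_USE_CSRF",
                         f"no CSRF check on cookie auth; relies on SameSite={samesite}"))
    return findings


# REST_AUTH exactly as shown in the section above.
PAGE_CONFIG = {
    "USE_JWT": True,
    "JWT_AUTH_COOKIE": "access",
    "JWT_AUTH_REFRESH_COOKIE": "refresh",
    "JWT_AUTH_HTTPONLY": True,
}
# Constructed hardened variant for an HTTPS-only deployment.
HARDENED = {**PAGE_CONFIG, "JWT_AUTH_SECURE": True, "JWT_AUTH_COOKIE_USE_CSRF": True}

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("hardened", HARDENED)):
        for setting, finding in audit_jwt_cookie_settings(cfg):
            print(f"{label}: {setting}: {finding}")
```

With `JWT_AUTH_SECURE` enabled the cookies are not sent to a plain-HTTP development server, and with `JWT_AUTH_COOKIE_USE_CSRF` enabled the client has to send Django's CSRF token on unsafe requests.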
Registration
```
pip install 'dj-rest-auth[with-social]'
```

```python
# settings.py
INSTALLED_APPS = [
    ...,
    'django.contrib.sites',
    'allauth',
    'allauth.account',
    'dj_rest_auth.registration',
]

SITE_ID = 1

# urls.py
from django.urls import include, path

urlpatterns = [
    path('auth/', include('dj_rest_auth.urls')),
    # Registration endpoints are backed by django-allauth
    path('auth/registration/', include('dj_rest_auth.registration.urls')),
]
```
MFA / 2FA
```
pip install 'dj-rest-auth[with-mfa]'
```
MFA ships as an opt-in sub-package (dj_rest_auth.mfa) with:
- TOTP login challenge flow
- Recovery codes
- Security-focused defaults (short-lived MFA tokens, activation confirmation)
See the guide for setup and endpoint details:
MFA Guide
Documentation
Full documentation at dj-rest-auth.readthedocs.io
Contributing
```
pip install -r dj_rest_auth/tests/requirements.txt
python runtests.py
```
See Contributing Guide for details.
License
MIT
Source Distribution
dj_rest_auth-7.2.0.tar.gz (490.1 kB)
File details
Details for the file dj_rest_auth-7.2.0.tar.gz.
File metadata
- Download URL: dj_rest_auth-7.2.0.tar.gz
- Upload date:
- Size: 490.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.7
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f77af37da5cf6ee28f03f283a378a2f5761860e72d1d6f2fa3d50e6286000482 |
| MD5 | f06e6c7cd3dc7edbdb81feb69fa010ab |
| BLAKE2b-256 | 14fdc8a185a98f6860b802dc5e663c652efc01cd68f4e046c65f8cb9328c0077 |