Skip to main content

An authentication token for djangorestframework that has an expiration date.

Project description

A new authentication backend for Django REST framework that uses a token with an expiration date. A new token is created every time a user logs in. The token expiration date is refreshed every time the token is used. It supports custom user models

How To Use

Add to your installed apps


Add the authentication class to the default authentication classes


The app comes with a login URL at /login. The endpoint expects two parameters: username and password.

url_patterns = [
    # Can login by using /auth/login
    url(r'^auth/', include('timed_auth_token.urls', namespace='auth')),

After a successful login the response contains one key: token.

{'token': 'lkjalsdjf8asdkjfal;kdfa8s;dlna;sdf'}

To use this token to authenticate it must be included in the HTTP headers:

Authorization: Token YOURTOKEN


The only available configuration option is the duration of the token. It defaults to 30 days. You can set it either on the user model as an attribute or as a setting in your If they are both set, the user model will take precedence.

  1. Put it on your user model as an attribute

    from datetime import timedelta
    from django.contrib.auth.models import User
    class MyUserModel(User):
        token_validity_duration = timedelta(days=60)
  2. Put it in your

    from datetime import timedelta
        'DEFAULT_VALIDITY_DURATION': timedelta(days=45)


Starting code (model, auth backend) thanks to Jake from

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page