Drop-in API endpoints for handling authentication securely in Django Rest Framework. Works especially well with SPAs (e.g., React, Vue, Angular), and Mobile applications.
- Django >= 4.2 (See Unit Test Coverage in CI)
- Python >= 3.8
Install package
pip install dj-rest-auth
Add dj_rest_auth
app to INSTALLED_APPS in your django settings.py:
INSTALLED_APPS = (
...,
'rest_framework',
'rest_framework.authtoken',
...,
'dj_rest_auth'
)
Add URL patterns
urlpatterns = [
path('dj-rest-auth/', include('dj_rest_auth.urls')),
]
(Optional) Use Http-Only cookies
REST_AUTH = {
'USE_JWT': True,
'JWT_AUTH_COOKIE': 'jwt-auth',
}
Install required modules with pip install -r dj_rest_auth/tests/requirements.txt
To run the tests within a virtualenv, run python runtests.py
from the repository directory.
The easiest way to run test coverage is with coverage
,
which runs the tests against all supported Django installs. To run the test coverage
within a virtualenv, run coverage run ./runtests.py
from the repository directory then run coverage report
.
Testing may also be done using tox
, which
will run the tests against all supported combinations of Python and Django.
Install tox, either globally or within a virtualenv, and then simply run tox
from the repository directory. As there are many combinations, you may run them
in parallel
using tox --parallel
.
The tox.ini
includes an environment for testing code coverage
and you can run it and view this report with tox -e coverage
.
Linting may also be performed via flake8
by running tox -e flake8
.
View the full documentation here: https://dj-rest-auth.readthedocs.io/en/latest/index.html
This project began as a fork of django-rest-auth
. Big thanks to everyone who contributed to that repo!
This project has optional and very narrow support for Django-AllAuth. As the maintainer, I have no interest in making this package support all use cases in Django-AllAuth. I would rather focus on improving the quality of the base functionality or focus on OIDC support instead. Pull requests that extend or add more support for Django-AllAuth will most likely be declined. Do you disagree? Feel free to fork this repo!