{"id":2479,"library":"django-otp","title":"Django OTP","description":"django-otp is a pluggable framework designed to integrate two-factor authentication (2FA) into Django projects using one-time passwords (OTPs). It provides the core framework and common OTP algorithms (HOTP, TOTP), allowing developers to build custom 2FA solutions or leverage existing plugins. The current version is 1.7.0, and the project maintains a healthy release cadence with active maintenance.","status":"active","version":"1.7.0","language":"en","source_language":"en","source_url":"https://github.com/django-otp/django-otp","tags":["django","authentication","otp","two-factor authentication","2fa","security"],"install":[{"cmd":"pip install django-otp","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core framework integration for OTP.","package":"Django","optional":false},{"reason":"Optional: For generating QR codes for HOTP/TOTP devices in the Django admin.","package":"qrcode","optional":true},{"reason":"Optional: Alternative to 'qrcode' for generating QR codes for HOTP/TOTP devices in the Django admin (supported since v1.5.0).","package":"segno","optional":true}],"imports":[{"symbol":"Device","correct":"from django_otp.models import Device"},{"symbol":"TOTPDevice","correct":"from django_otp.plugins.otp_totp.models import TOTPDevice"},{"symbol":"devices_for_user","correct":"from django_otp import devices_for_user"},{"symbol":"otp_required","correct":"from django_otp.decorators import otp_required"},{"symbol":"OTPMiddleware","correct":"from django_otp.middleware import OTPMiddleware"}],"quickstart":{"code":"# settings.py\n\nINSTALLED_APPS = [\n    # ... other Django apps\n    'django_otp',\n    'django_otp.plugins.otp_totp',  # Example: Time-based One-Time Passwords\n    # 'django_otp.plugins.otp_hotp', # Example: HMAC-based One-Time Passwords\n    # ... other OTP plugins (e.g., django-otp-sms)\n]\n\nMIDDLEWARE = [\n    # ... other Django middleware\n    'django_otp.middleware.OTPMiddleware',\n    'django.contrib.auth.middleware.AuthenticationMiddleware', # Ensure this is before OTPMiddleware\n    # ...\n]\n\n# urls.py (example for admin integration)\nfrom django.contrib import admin\nfrom django.urls import path\nfrom django_otp.admin import OTPAdminSite\n\nadmin.site.__class__ = OTPAdminSite\n\nurlpatterns = [\n    path('admin/', admin.site.urls),\n]\n\n# After configuring, run migrations:\n# python manage.py migrate","lang":"python","description":"This quickstart outlines the essential steps to integrate `django-otp` into a Django project. It involves adding `django_otp` and at least one OTP plugin (e.g., `otp_totp`) to `INSTALLED_APPS` and enabling `OTPMiddleware`. For admin site integration, assign `OTPAdminSite` to `admin.site.__class__`. Remember to run `python manage.py migrate` after updating `INSTALLED_APPS` to create necessary database tables."},"warnings":[{"fix":"Upgrade your Python and Django versions to meet the minimum requirements of the `django-otp` version you intend to use (e.g., Python >=3.8 for 1.7.0).","message":"Older versions of django-otp have dropped support for legacy Python and Django versions. For instance, v0.3.11 dropped Python 2.6 and Django 1.4. The current version (1.7.0) explicitly requires Python >=3.8. Ensure your environment meets the `requires_python` specification.","severity":"breaking","affected_versions":"<= 1.0"},{"fix":"Add `'django_otp.middleware.OTPMiddleware'` to your `MIDDLEWARE` list in `settings.py`, ensuring it is placed after `'django.contrib.auth.middleware.AuthenticationMiddleware'`.","message":"Failing to add `django_otp.middleware.OTPMiddleware` to your `MIDDLEWARE` setting or placing it incorrectly (it should typically come after `AuthenticationMiddleware`) will prevent OTP verification from functioning correctly.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Understand `django-otp`'s role as a foundational framework. If you need a complete 2FA application with ready-made UI and flows, consider `django-two-factor-auth`, which builds upon `django-otp`.","message":"`django-otp` is a low-level framework for managing OTPs, not a complete, opinionated two-factor authentication application. While it provides the building blocks, you will need to implement views, forms, and user flows or use a higher-level library like `django-two-factor-auth` for a ready-to-use solution.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Install `qrcode` or `segno` using pip: `pip install qrcode` or `pip install segno`.","message":"To enable QR code generation for HOTP/TOTP devices in the Django admin interface, you must explicitly install either the `qrcode` or `segno` Python package. Without one of these, QR codes will not be displayed.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-10T00:00:00.000Z","next_check":"2026-07-09T00:00:00.000Z"}