{"id":7185,"library":"djoser","title":"Djoser (Django REST Authentication)","description":"Djoser provides a set of Django Rest Framework views to handle basic actions such as registration, login, logout, password reset, and account activation. It handles user authentication for Django REST Framework APIs, supporting various authentication backends including Token and JWT. The current version is 2.3.3, and it maintains an active release cadence with regular updates to support new Django and Python versions.","status":"active","version":"2.3.3","language":"en","source_language":"en","source_url":"https://github.com/sunscrapers/djoser","tags":["django","authentication","rest","drf","api","auth","jwt","token"],"install":[{"cmd":"pip install djoser","lang":"bash","label":"Install Djoser"},{"cmd":"pip install djoser[jwt]","lang":"bash","label":"Install Djoser with JWT support"},{"cmd":"pip install djoser[social]","lang":"bash","label":"Install Djoser with social authentication support"}],"dependencies":[{"reason":"Core web framework for Djoser to build upon.","package":"Django","optional":false},{"reason":"REST API framework that Djoser extends for authentication views.","package":"djangorestframework","optional":false},{"reason":"Required for JWT authentication in Djoser, typically installed with `djoser[jwt]`.","package":"djangorestframework-simplejwt","optional":true},{"reason":"Required for social authentication integrations, typically installed with `djoser[social]`.","package":"drf-social-oauth2","optional":true}],"imports":[{"symbol":"DJOSER_SETTINGS","correct":"from djoser.conf import settings as djoser_settings"},{"symbol":"UserCreateSerializer","correct":"from djoser.serializers import UserCreateSerializer"},{"note":"Commonly included directly in a project's `urls.py` via `include('djoser.urls')`.","symbol":"urlpatterns","correct":"from djoser.urls import urlpatterns"},{"note":"Used when customizing email templates/logic.","symbol":"ActivationEmail","correct":"from djoser.email import ActivationEmail"}],"quickstart":{"code":"import os\nfrom datetime import timedelta\n\n# settings.py\n\nINSTALLED_APPS = [\n    # ... other Django apps\n    'rest_framework',\n    'djoser',\n    # 'rest_framework_simplejwt', # Required for JWT support\n    # 'your_app_name', # If using a custom user model in 'your_app_name'\n]\n\n# Point to your custom User model or Django's default\nAUTH_USER_MODEL = 'auth.User' # Or 'your_app_name.CustomUser'\n\nREST_FRAMEWORK = {\n    'DEFAULT_AUTHENTICATION_CLASSES': (\n        'rest_framework_simplejwt.authentication.JWTAuthentication',\n        # 'rest_framework.authentication.TokenAuthentication', # If using Token Auth\n        'rest_framework.authentication.SessionAuthentication',\n    ),\n    'DEFAULT_PERMISSION_CLASSES': (\n        'rest_framework.permissions.IsAuthenticatedOrReadOnly',\n    ),\n}\n\nDJOSER = {\n    'PASSWORD_RESET_CONFIRM_URL': '#/password/reset/confirm/{uid}/{token}',\n    'USERNAME_RESET_CONFIRM_URL': '#/username/reset/confirm/{uid}/{token}',\n    'ACTIVATION_URL': '#/activate/{uid}/{token}',\n    'SEND_ACTIVATION_EMAIL': True,\n    'SEND_CONFIRMATION_EMAIL': True,\n    'SET_PASSWORD_RETYPE': True,\n    'SET_USERNAME_RETYPE': True,\n    'PASSWORD_RESET_SHOW_EMAIL_NOT_FOUND': True,\n    'TOKEN_MODEL': None, # Use Simple JWT by default\n    'SERIALIZERS': {\n        'user_create': 'djoser.serializers.UserCreateSerializer',\n        'user': 'djoser.serializers.UserSerializer',\n        'current_user': 'djoser.serializers.UserSerializer',\n        'user_delete': 'djoser.serializers.UserDeleteSerializer',\n    },\n    'EMAIL': {\n        'activation': 'djoser.email.ActivationEmail',\n        'confirmation': 'djoser.email.ConfirmationEmail',\n        'password_reset': 'djoser.email.PasswordResetEmail',\n        'password_changed': 'djoser.email.PasswordChangedEmail',\n        'username_reset': 'djoser.email.UsernameResetEmail',\n        'username_changed': 'djoser.email.UsernameChangedEmail',\n    },\n}\n\n# For development, print emails to console\nEMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'\n\n# Simple JWT settings (if using JWT authentication)\nSIMPLE_JWT = {\n    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=60),\n    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),\n    'ROTATE_REFRESH_TOKENS': True,\n    'BLACKLIST_AFTER_ROTATION': True,\n    'UPDATE_LAST_LOGIN': True,\n}\n\n# urls.py (in your project's root)\n\n# from django.contrib import admin\n# from django.urls import path, include\n\n# urlpatterns = [\n#     path('admin/', admin.site.urls),\n#     path('auth/', include('djoser.urls')),\n#     path('auth/', include('djoser.urls.jwt')), # For JWT authentication\n#     # path('auth/', include('djoser.urls.authtoken')), # For Token authentication\n#     # path('auth/', include('djoser.urls.social')), # For social authentication (if installed)\n# ]","lang":"python","description":"To integrate Djoser, first add `rest_framework` and `djoser` to your `INSTALLED_APPS`. Configure `AUTH_USER_MODEL` to point to your desired user model. Define `REST_FRAMEWORK` and `DJOSER` settings in your `settings.py` for authentication classes, permissions, and Djoser-specific URLs and serializers. For JWT, install `djangorestframework-simplejwt` and include `djoser.urls.jwt`. Finally, include Djoser's URLs in your project's `urls.py`."},"warnings":[{"fix":"Ensure your `settings.py` includes the correct `AUTHENTICATION_BACKENDS` configuration, e.g., `AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend']` for default Django users.","message":"Djoser 2.3.0 introduced a vulnerability fix that requires users to have correctly configured `AUTHENTICATION_BACKENDS` in their Django settings for authentication to succeed. If your setup previously worked without a proper backend, it might break.","severity":"breaking","affected_versions":">=2.3.0"},{"fix":"Upgrade your Django project to Django 3.2+ and your Python environment to Python 3.8+.","message":"Djoser 2.2.0 dropped support for Django 2.x and Python 3.7. Attempting to run Djoser 2.2.0 or higher with these older versions will lead to compatibility issues or errors.","severity":"breaking","affected_versions":">=2.2.0"},{"fix":"Update any custom code or `DJOSER` settings that use `ID_FIELD` to `USER_ID_FIELD`.","message":"In Djoser 2.2.0, the setting `ID_FIELD` was renamed to `USER_ID_FIELD`. Custom serializers or code that directly referenced `ID_FIELD` will encounter `AttributeError` or `TypeError`.","severity":"breaking","affected_versions":">=2.2.0"},{"fix":"If experiencing Django version conflicts, ensure you are using Djoser 2.3.3 or later. Downgrade to 2.3.1 if issues persist and upgrading is not an immediate option.","message":"Djoser 2.3.2 temporarily introduced a bug that could restrict Django installations to versions lower than 4.0, despite official support for newer Django versions. This was reverted in 2.3.3.","severity":"gotcha","affected_versions":"2.3.2"},{"fix":"If your project's email logic depends on `django-templated-mail`, explicitly add `pip install django-templated-mail` to your project's requirements.","message":"As of Djoser 2.3.1, `django-templated-mail` was removed from its direct dependencies. If your email customizations explicitly relied on this package, ensure it is installed separately in your project.","severity":"gotcha","affected_versions":">=2.3.1"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Run `pip install djoser` to install the library.","cause":"Djoser library is not installed or not available in the current Python environment.","error":"ModuleNotFoundError: No module named 'djoser'"},{"fix":"Ensure `rest_framework`, `djoser`, and the Django app containing your custom user model are listed in `INSTALLED_APPS`.","cause":"The Django application containing your `AUTH_USER_MODEL` or `djoser`/`rest_framework` itself is missing from `INSTALLED_APPS` in `settings.py`.","error":"ImproperlyConfigured: AUTH_USER_MODEL refers to model '...' which has not been installed yet."},{"fix":"Verify that your project's `urls.py` includes `path('auth/', include('djoser.urls'))` and potentially `path('auth/', include('djoser.urls.jwt'))` or `djoser.urls.authtoken` depending on your authentication method.","cause":"Djoser's URLs are not correctly included in your project's main `urls.py`.","error":"NoReverseMatch at /auth/users/ Reverse for '...' not found. '...' is not a valid view function or pattern name."},{"fix":"Update your `DJOSER` settings or custom serializer code to use `USER_ID_FIELD` instead of `ID_FIELD`.","cause":"Your custom Djoser serializer or settings still refers to the deprecated `ID_FIELD` parameter.","error":"TypeError: __init__() got an unexpected keyword argument 'ID_FIELD'"}]}