Django REST Auth
dj-rest-auth provides a set of customizable REST API endpoints for user authentication and registration in Django REST Framework, leveraging django-allauth for extended functionality. It is actively maintained with frequent releases, currently at version 7.2.0, supporting modern Django and Python versions.
Warnings
- breaking: Version 7.0.0 dropped support for Python versions older than 3.10 and Django versions older than 4.2. Ensure your environment meets these new minimum requirements.
- gotcha: When using `dj_rest_auth.registration` (which depends on `django-allauth`), ensure `allauth.account.middleware.AccountMiddleware` is present in your `MIDDLEWARE` setting, typically after `django.contrib.sessions.middleware.SessionMiddleware`.
- gotcha: As of v7.1.0, email and username requirement checks for registration are primarily managed through the `SIGNUP_FIELDS` setting within the `REST_AUTH` dictionary. Relying on older methods or direct `django-allauth` settings for these might lead to unexpected behavior.
- gotcha: Multi-Factor Authentication (MFA/2FA) support, introduced in v7.2.0, is an opt-in feature. It requires installing the extra `dj-rest-auth[with_mfa]` and the `django-mfa` package, and then including `dj_rest_auth.mfa` in `INSTALLED_APPS`.
- gotcha: The `REST_AUTH` settings provide extensive customization options for serializers (e.g., `LOGIN_SERIALIZER`, `USER_DETAILS_SERIALIZER`). Incorrectly overriding these or using an incompatible custom serializer can break core authentication flows.
Install
- pip install dj-rest-auth
- pip install "dj-rest-auth[with_social]"
- pip install "dj-rest-auth[with_jwt]"
- pip install "dj-rest-auth[with_mfa]"
Imports
- LoginView
from dj_rest_auth.views import LoginView
- RegisterView
from dj_rest_auth.registration.views import RegisterView
- UserDetailsView
from dj_rest_auth.views import UserDetailsView
- PasswordResetConfirmView
from dj_rest_auth.views import PasswordResetConfirmView
Quickstart
from django.contrib import admin
from django.urls import path, include

urlpatterns = [
    path('admin/', admin.site.urls),
    path('api-auth/', include('rest_framework.urls')),  # Optional: for browsable API
    path('dj-rest-auth/', include('dj_rest_auth.urls')),  # For login, logout, password reset etc.
    path('dj-rest-auth/registration/', include('dj_rest_auth.registration.urls')),  # For registration
]

# In your settings.py:
# INSTALLED_APPS = [
#     # ... Django and DRF apps
#     'rest_framework',
#     'rest_framework.authtoken',  # For TokenAuthentication
#     'dj_rest_auth',
#     'dj_rest_auth.registration',
#     'allauth',  # Required for dj_rest_auth.registration
#     'allauth.account',
#     'allauth.socialaccount',  # Optional: if using social login
#     # ... other apps
# ]
#
# REST_FRAMEWORK = {
#     'DEFAULT_AUTHENTICATION_CLASSES': [
#         'rest_framework.authentication.SessionAuthentication',
#         'rest_framework.authentication.TokenAuthentication',
#         # 'dj_rest_auth.jwt_auth.JWTCookieAuthentication',  # If using JWT
#     ],
#     'DEFAULT_PERMISSION_CLASSES': [
#         'rest_framework.permissions.IsAuthenticated',
#     ],
# }
#
# # django-allauth settings (required by dj_rest_auth.registration)
# ACCOUNT_AUTHENTICATION_METHOD = 'username_email'
# ACCOUNT_EMAIL_REQUIRED = True
# ACCOUNT_EMAIL_VERIFICATION = 'optional'  # or 'mandatory'
# ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = True
#
# # dj-rest-auth specific settings
# REST_AUTH = {
#     'USE_JWT': False,  # Set to True if you installed with_jwt
#     'USER_DETAILS_SERIALIZER': 'dj_rest_auth.serializers.UserDetailsSerializer',
#     'LOGIN_SERIALIZER': 'dj_rest_auth.serializers.LoginSerializer',
#     'REGISTER_SERIALIZER': 'dj_rest_auth.registration.serializers.RegisterSerializer',
# }
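
A settings audit for the configuration gotchas listed under Warnings, as an added example that is not part of dj-rest-auth or the original page: it checks the registration dependencies, the `AccountMiddleware` placement and the token-auth app against a settings mapping. The function name `audit_settings`, the finding strings and the sample dict are assumptions made for illustration.

```python
SESSION_MW = "django.contrib.sessions.middleware.SessionMiddleware"
ACCOUNT_MW = "allauth.account.middleware.AccountMiddleware"
TOKEN_AUTH = "rest_framework.authentication.TokenAuthentication"


def audit_settings(cfg):
    """Return findings for a settings mapping (a plain dict in this sketch)."""
    findings = []
    apps = list(cfg.get("INSTALLED_APPS", []))
    middleware = list(cfg.get("MIDDLEWARE", []))
    drf = cfg.get("REST_FRAMEWORK", {})

    if "dj_rest_auth.registration" in apps:
        # Registration depends on the django-allauth apps being installed.
        for app in ("allauth", "allauth.account"):
            if app not in apps:
                findings.append(f"missing-app:{app}")
        # AccountMiddleware must be present and placed after SessionMiddleware.
        if ACCOUNT_MW not in middleware:
            findings.append("missing-middleware:AccountMiddleware")
        elif SESSION_MW not in middleware:
            findings.append("missing-middleware:SessionMiddleware")
        elif middleware.index(ACCOUNT_MW) < middleware.index(SESSION_MW):
            findings.append("middleware-order:AccountMiddleware-before-SessionMiddleware")

    # TokenAuthentication needs rest_framework.authtoken for its Token model.
    auth_classes = drf.get("DEFAULT_AUTHENTICATION_CLASSES", [])
    if TOKEN_AUTH in auth_classes and "rest_framework.authtoken" not in apps:
        findings.append("missing-app:rest_framework.authtoken")
    # With no explicit default, DRF applies AllowAny to every view.
    if not drf.get("DEFAULT_PERMISSION_CLASSES"):
        findings.append("permissions:default-is-AllowAny")
    return findings


# Constructed sample: the Quickstart settings with the middleware order reversed.
SAMPLE = {
    "INSTALLED_APPS": [
        "rest_framework", "rest_framework.authtoken", "dj_rest_auth",
        "dj_rest_auth.registration", "allauth", "allauth.account",
    ],
    "MIDDLEWARE": [ACCOUNT_MW, SESSION_MW],
    "REST_FRAMEWORK": {
        "DEFAULT_AUTHENTICATION_CLASSES": [TOKEN_AUTH],
        "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.IsAuthenticated"],
    },
}

print(audit_settings(SAMPLE))
```

In a project, build the mapping from `django.conf.settings` inside a test so that a misordered middleware list or a missing app fails CI instead of surfacing at request time.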