All Auth Authentication with Django REST Framework

Authentication with Django and Django REST Framework

There are a few ways to use authentication in your Django applications and there are a TON of libraries out there that will help you get authentication set up. I highly recommend using one of these libraries / packages that do authentication for you. That’s what this chapter is all about. I will take you through a couple of really good packages that you can use RIGHT NOW to get started with authentication with both vanilla Django and Django REST Framework.

You may be thinking, doesn’t Django REST Framework have a few authentication schemes that work out of the box? Well, yes it does. But I still think you should use separate packages because they do the heavy lifting for you. Django REST Framework authentication is very basic. Some authentication packages are very easy to get started with.

Some things you should know:

  1. The packages that you need for this chapter are automatically installed if you ran the pipenv install command that you learned about in the first chapter so everything you need should be in your virtual environment.
  2. I highly recommend not using authentication in production unless you use HTTPS. Never use HTTP in production if you allow users to sign in: over plain HTTP, passwords and session cookies cross the network unencrypted. This is very, very important.

Authentication with All Auth

First, we are going to implement Django AllAuth. Django AllAuth is a package used to implement Social Authentication for your application. It makes it very easy to get started, and I’m going to show you just how easy it is.

First, it should be said that I’m not going to teach how to set up signin / signout views using Vanilla Django. It’s very easy to do this in Django and there is a very good tutorial on the documentation site. The packages I’m teaching you how to use are something a lot of people are trying to implement. Therefore, I’m running through a very simple way to use Facebook as a way to signup / signin.

Let’s get started implementing All Auth.

Create a Facebook App in Facebook

NOTE: If you don’t have a Facebook account, you can change the name “Facebook” to anything else you want and it should still work. (“Twitter”, “Github”, etc.) Also, the directions for creating an app on the Social Media platform of your choice are outside the scope of this book. If you do a Google Search for something like: twitter developer app or facebook developer app you should find the page you need to build an app for allowing your users to sign in.

Make sure to register your Facebook App as “Facebook Login”. When you create an app, Facebook will ask you about the “Site URL” of your Django Application.

Put in: http://localhost:8000/

Go to "Settings" > "Basic". Here, you should write down your Facebook App ID and App Secret. You will need it for later.

Settings in Django

Add the following to the file:

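    SOCIALACCOUNT_PROVIDERS = {
        'facebook': {
            'METHOD': 'oauth2',
            'SCOPE': ['email'],
            'AUTH_PARAMS': {'auth_type': 'reauthenticate'},
            'INIT_PARAMS': {'cookie': True},
            'FIELDS': [
                # ... the profile fields to request from Facebook ...
            ],
            'EXCHANGE_TOKEN': True,
            # Do not treat e-mail addresses reported by Facebook as verified
            'VERIFIED_EMAIL': False,
            'VERSION': 'v2.12',
        },
    }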


Next, update the INSTALLED_APPS setting to include the following:

    # ... all the old apps plus the following ...

At the top of polls/index.html add the following after {% load static %}:

{% load socialaccount %}

And underneath the polls/style.css link tag, add some tags to allow your users to signup using Facebook.

{% if user.is_authenticated %}
<p>Welcome {{ user.username }}!</p>
{% else %}
<a href="{% provider_login_url 'facebook' %}">Sign Up</a>
{% endif %}

Now, if the user – let’s say “chris” – is authenticated, the site will say, Welcome chris!. Or, if the user is not authenticated, it will say, Sign Up, with a link that redirects to Facebook.

You can add the same {% if user.is_authenticated %} tag along with the {% load socialaccount %} tag in our JavaScript application. The trick is that these Django tags should come before the {% verbatim %} {% endverbatim %} tags. Try it out as an exercise to test your understanding of AllAuth.

You can use the same tags to show the “vote” form. But you’ll also need to update the view so that nobody who isn’t signed in can vote. Simply make sure request.user is a signed-in user (request.user.is_authenticated, the same check the template uses).

You can use this same authentication scheme using Django REST Framework because we are creating and using the API in our Django Project. If we wanted to use Authentication using Django REST Framework from a mobile app or a desktop application, our project would be a little different. For a comprehensive introduction to using Token Authentication, JWT Authentication, and other Django REST Framework schemes, take a look at my book Token Authentication by Example.