How to Implement Custom Authentication with Django REST Framework

Posted by Chris Bartos on January 6, 2017

Introduction to Custom Authentication

Custom authentication in Django REST Framework is how you create any type of authentication scheme you want. In fact, inside DRF's internals, every other authentication scheme that I've talked about is implemented the same way, as a subclass of BaseAuthentication. So, let's look at an example of how you would implement something like this.

How to Implement Custom Authentication

WARNING: The example I’m about to show you is VERY VERY bad for security so DON’T use it in production. :)

First, you will need to subclass BaseAuthentication and override its authenticate method. It looks like this:


from django.contrib.auth.models import User
from rest_framework.authentication import BaseAuthentication
from rest_framework import exceptions

class MyCustomAuthentication(BaseAuthentication):
    def authenticate(self, request):
        username = request.GET.get("username")

        if not username: # no username passed in the query string
            return None # authentication was not attempted

        try:
            user = User.objects.get(username=username) # get the user
        except User.DoesNotExist:
            raise exceptions.AuthenticationFailed('No such user') # raise exception if user does not exist

        return (user, None) # authentication successful

I called the new class MyCustomAuthentication. If you look at what this does, it reads a username from the GET query string and tries to find a user with that username. No password or other secret is checked, so anyone who knows a username is authenticated as that user. (You should now understand why this is a stupid example.)

Next, you'll want to update the DEFAULT_AUTHENTICATION_CLASSES setting.

REST_FRAMEWORK = {
  'DEFAULT_AUTHENTICATION_CLASSES': ('accounts.auth.MyCustomAuthentication', ),
  'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated', ),
}

And that is LITERALLY all you need to do to create a new authentication scheme. Download the custom code below and try going to the following URL:


You should be able to see the data. Also, if you go to:


The authentication scheme should deny you from getting any data at all.
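For contrast with the username-only class above, here is a hardened counterpart that follows the same authenticate contract (return None, raise, or return a tuple) but requires a secret. It is an added example, not the post's sample code. The ApiKey header format, the KEY_DIGESTS store and FakeRequest are assumptions, and the two small base classes are stand-ins for DRF's BaseAuthentication and AuthenticationFailed so the block runs without a Django project.

```python
import hashlib
import hmac

# Stand-ins for rest_framework.authentication.BaseAuthentication and
# rest_framework.exceptions.AuthenticationFailed, so this runs without a project.
class BaseAuthentication:
    def authenticate(self, request):
        raise NotImplementedError

class AuthenticationFailed(Exception):
    pass

class FakeRequest:
    """Constructed request exposing only the attributes the example reads."""
    def __init__(self, query=None, meta=None):
        self.GET = query or {}
        self.META = meta or {}

def digest(key):
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed sample store (assumption): username -> SHA-256 of the user's API key.
KEY_DIGESTS = {"alice": digest("constructed-sample-key")}

class ApiKeyAuthentication(BaseAuthentication):
    """Hypothetical scheme: 'Authorization: ApiKey <username>:<key>'."""
    keyword = "ApiKey"

    def authenticate(self, request):
        parts = request.META.get("HTTP_AUTHORIZATION", "").split()
        if not parts or parts[0] != self.keyword:
            return None  # no credentials for this scheme: authentication not attempted
        if len(parts) != 2 or ":" not in parts[1]:
            raise AuthenticationFailed("Malformed credentials")
        username, key = parts[1].split(":", 1)
        expected = KEY_DIGESTS.get(username)
        # Compare against a dummy digest for unknown users so both paths do the
        # same work, and compare in constant time.
        matches = hmac.compare_digest(digest(key), expected or digest(""))
        if expected is None or not matches:
            # One message for "unknown user" and "wrong key": no user enumeration.
            raise AuthenticationFailed("Invalid credentials")
        return (username, None)  # (user, auth), the same shape the page's class returns

    def authenticate_header(self, request):
        # With this defined, DRF answers failures with 401 and WWW-Authenticate.
        return self.keyword
```

In a real project, import the two base classes from rest_framework and return a User instance instead of the username string.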

Click Here to Download the Sample Code


  1. Run the sample code and go to the two URLs above.
  2. Try to implement your own Session Authentication scheme WITHOUT enforcing CSRF tokens using Custom Authentication. You can see how Session Authentication is implemented here
