Welcome to django-rest-xauth
A Django package, based on a custom user model, that implements a JWT authentication and authorization flow in a few simple steps.
The package provides ready-to-use, JSON-formatted REST API endpoints for signup, signin, (email) verification, password reset, etc.
(Email) verification and password reset features are both based on hashed short-lived verification code and temporary passwords, respectively. The account activation feature is based on a combination of the user's previously selected security question (provided through the admin portal by the site administrator) and an arbitrary answer that will be hashed and stored in the database.
By design, the logic for requesting and confirming password reset, account verification and activation is implemented in the AbstractUser model class to make it easy to customize every step. For example, instead of sending verification codes to users via email (the default), you could opt to use SMS by overriding the request_verification(...) method in the abstract class or by using the returned code in your views.
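The hashed, short-lived verification code described above can be sketched with the standard library alone. This is an added example, not django-rest-xauth's own code; the lifetime, attempt limit, record fields and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 600  # assumed lifetime of a code
MAX_ATTEMPTS = 5        # assumed cap on guesses per issued code


@dataclass
class VerificationRecord:
    """What would be stored server-side: never the plain code."""
    salt: bytes
    digest: bytes
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    used: bool = False


def _digest(code: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so a leaked table does not directly expose live codes.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


def issue_code(now=None, digits=6):
    """Return (plain code for email/SMS delivery, record to persist)."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10 ** digits):0{digits}d}"  # CSPRNG, zero-padded
    salt = secrets.token_bytes(16)
    record = VerificationRecord(salt, _digest(code, salt), now + CODE_TTL_SECONDS)
    return code, record


def verify_code(record, submitted, now=None) -> bool:
    """Accept a code once, before expiry, within the attempt budget."""
    now = time.time() if now is None else now
    if record.used or record.attempts_left <= 0 or now >= record.expires_at:
        return False
    record.attempts_left -= 1  # every checked guess costs an attempt
    if hmac.compare_digest(_digest(submitted, record.salt), record.digest):
        record.used = True     # single use: a replayed code is rejected
        return True
    return False
```

The short lifetime and the attempt cap are what bound online guessing of a six-digit code; hashing only limits what a database leak reveals.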
- Install package
pip install django-rest-xauth.
INSTALLED_APPS setting. This will expose the management command used in the next step - it will not be necessary after that. Therefore, it can be uninstalled/removed safely from
./manage.py create_xauth_app <path-to-xauth-app> e.g.
./manage.py create_xauth_app accounts/ and follow further instructions as per the output of the command. Only run once - during initial setup.
- Include xauth
URLconf in your project's
urlpatterns = [path("", include("xauth.urls")), ...,] OR, register your own URLs from the
python manage.py migrate to create the xauth models.
python manage.py createsuperuser to create a superuser account.
python manage.py runserver to start the development server.
http://127.0.0.1:8000/accounts/signup/ to register a new account.