A custom user model based django-package that implements JWT authentication and authorization flow in a few simple steps.
The package provides ready to use JSON formatted REST API end-points for signup, signin, (email) verification, password reset e.t.c.
(Email) verification and password reset features are both based on hashed short-lived verification code and temporary passwords, respectively. The account activation feature is based on a combination of the user's previously selected security question (provided through the admin portal by the site administrator) and an arbitrary answer that will be hashed and stored in the database.
By design, the logic for requesting and confirming password reset, account verification and activation is implemented in
the AbstractUser model class to make it easy to customize every step. For example, instead of sending verification
codes to users via email (default), you could opt to use SMS by overriding request_verification(...) method in the
abstract class or using the returned code in your views.
- Install package
pip install django-rest-xauth. - Add
xauth.apps.AppConfigtoINSTALLED_APPSsetting. This will expose the management command used in next step - it will not be necessary after that. Therefore, it can be uninstalled/removed safely fromINSTALLED_APPS. - Run
./manage.py create_xauth_app <path-to-xauth-app>e.g../manage.py create_xauth_app accounts/and follow further instructions as per the output of the command. Only run once - during initial setup. - Run
./manage.py makemigrations. - Include xauth
URLconfin your project'surls.pyas follows:urlpatterns = [path("", include("xauth.urls")), ...,]OR, register your own URLs from theViewSet(s) inxauth.accounts.viewsmodule. - Run
python manage.py migrateto create the xauth models. - Run
python manage.py createsuperuserto create a superuser account. - Run
python manage.py runserverto start the development server. - Visit
http://127.0.0.1:8000/accounts/signup/to register a new account.