Skip to content

forthecraft/drf-auth-kit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

101 Commits
.github
.github
 
 
auth_kit
auth_kit
 
 
docs
docs
 
 
sandbox
sandbox
 
 
sandbox_extras
sandbox_extras
 
 
scripts
scripts
 
 
.coveragerc
.coveragerc
 
 
.editorconfig
.editorconfig
 
 
.env.EXAMPLE
.env.EXAMPLE
 
 
.env.test
.env.test
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.python-version
.python-version
 
 
.readthedocs.yaml
.readthedocs.yaml
 
 
AUTHORS.rst
AUTHORS.rst
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CLAUDE.md
CLAUDE.md
 
 
CODE_OF_CONDUCT.rst
CODE_OF_CONDUCT.rst
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 
docker-compose.yml
docker-compose.yml
 
 
mypy.ini
mypy.ini
 
 
pyproject.toml
pyproject.toml
 
 
pyrightconfig.json
pyrightconfig.json
 
 
ruff.toml
ruff.toml
 
 
tox.ini
tox.ini
 
 
uv.lock
uv.lock
 
 

Repository files navigation

DRF AUTH KIT

PyPI Code Coverage Test Checked with mypy Checked with pyright Docstring

Modern Django REST Framework authentication toolkit with JWT cookies, social login, MFA, and comprehensive user management.

Built as a next-generation alternative to existing DRF authentication packages, DRF Auth Kit provides a complete authentication solution with modern developer experience, inspired by dj-rest-auth but enhanced with full type safety, automatic OpenAPI schema generation, and comprehensive MFA support inspired by django-trench.

Features

  • Multiple Authentication Types: JWT (default), DRF Token, or Custom
  • Cookie-Based Security: HTTP-only cookies
  • Complete User Management: Registration, password reset, email verification
  • Multi-Factor Authentication: Support multiple MFAs with backup codes
  • Social Authentication: Django Allauth integration with 50+ providers, support for both OAuth2 and OpenID connect.
  • Internationalization: Built-in support for 57 languages including English, Spanish, French, German, Chinese, Japanese, Korean, Vietnamese, and more
  • Full Type Safety: Complete type hints with mypy and pyright
  • OpenAPI Integration: Auto-generated API documentation with DRF Spectacular
  • Flexible Configuration: Customizable serializers, views, and authentication backends

Installation

pip install drf-auth-kit

Optional Features:

# For MFA support
pip install drf-auth-kit[mfa]

# For social authentication
pip install drf-auth-kit[social]

# For both MFA and social
pip install drf-auth-kit[all]

Core Dependencies: Django 5.0+, DRF 3.0+, Django Allauth, DRF SimpleJWT

Quick Start

  1. Add to your Django settings:
INSTALLED_APPS = [
    # ... your apps
    'rest_framework',
    'allauth',  # Required for social auth
    'allauth.account',  # Required for social auth
    # 'allauth.socialaccount',  # For social login
    # 'allauth.socialaccount.providers.google',  # For Google login
    'auth_kit',
    # 'auth_kit.social',  # For social authentication
    # 'auth_kit.mfa',  # For MFA support
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'auth_kit.authentication.JWTCookieAuthentication',
    ],
}

# Override only if needed:
# AUTH_KIT = {
#     'USE_MFA': True,  # Enable MFA
# }

# Google OAuth2 settings (for social login)
# SOCIALACCOUNT_PROVIDERS = {
#     'google': {
#         'SCOPE': ['profile', 'email'],
#         'AUTH_PARAMS': {'access_type': 'online'},
#         'OAUTH_PKCE_ENABLED': True,
#         'APP': {
#             'client_id': 'your-google-client-id',
#             'secret': 'your-google-client-secret',
#         }
#     }
# }
  1. Include Auth Kit URLs:
from django.urls import path, include

urlpatterns = [
    path('api/auth/', include('auth_kit.urls')),
    # path('api/auth/social/', include('auth_kit.social.urls')),  # For social auth
    # ... your other URLs
]
  1. Run migrations (only needed if using MFA):
python manage.py migrate

Authentication Types

JWT Authentication (Recommended)
  • Access and refresh tokens
  • Token refresh support
  • Secure cookie storage
DRF Token Authentication
  • Simple token-based auth
  • Compatible with DRF TokenAuthentication
  • Cookie support available
Custom Authentication
  • Bring your own authentication backend
  • Full customization support
  • Integrate with third-party services

Documentation

Please visit DRF Auth Kit docs for complete documentation, including:

  • Detailed configuration options
  • Custom serializer examples
  • Advanced usage patterns
  • Integration guides

Upcoming Features

Enhanced Multi-Factor Authentication

  • Hardware Security Keys: YubiKey and FIDO2/WebAuthn support
  • SMS & Voice: Twilio integration for SMS and voice-based MFA
  • Authenticator Apps: Enhanced TOTP support (Google Authenticator, Authy, etc.)
  • Trusted Devices: Remember MFA verification for trusted browsers/sessions

Passwordless Authentication

  • WebAuthn: Biometric and hardware key authentication
  • Magic Links: Email-based passwordless login
  • SMS Login: One-time password via SMS

Advanced Security Features

  • Rate Limiting: Configurable rate limits for authentication endpoints
  • Account Lockout: Progressive delays and temporary account locks
  • Audit Logging: Comprehensive security event logging
  • Geographic Restrictions: IP-based access controls and geo-blocking

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

Modern Django REST Framework authentication toolkit with JWT cookies, social login, and 2FA support

Resources

Readme

License

MIT license

Contributing

Contributing
Activity
Custom properties

Stars

115 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases 31

v1.1.4 Latest
Feb 6, 2026
+ 30 releases

Packages

 
 
 

Contributors 4

Languages