User authentication in Django

Django comes with a user authentication system. It handles user accounts,groups, permissions and cookie-based user sessions. This section of thedocumentation explains how the default implementation works out of the box, aswell as how to extend and customize it tosuit your project’s needs.

Overview

The Django authentication system handles both authentication and authorization.Briefly, authentication verifies a user is who they claim to be, andauthorization determines what an authenticated user is allowed to do. Here theterm authentication is used to refer to both tasks.

The auth system consists of:

  • Users
  • Permissions: Binary (yes/no) flags designating whether a user may performa certain task.
  • Groups: A generic way of applying labels and permissions to more than oneuser.
  • A configurable password hashing system
  • Forms and view tools for logging in users, or restricting content
  • A pluggable backend systemThe authentication system in Django aims to be very generic and doesn’t providesome features commonly found in web authentication systems. Solutions for someof these common problems have been implemented in third-party packages:

  • Password strength checking

  • Throttling of login attempts
  • Authentication against third-parties (OAuth, for example)
  • Object-level permissions

Installation

Authentication support is bundled as a Django contrib module indjango.contrib.auth. By default, the required configuration is alreadyincluded in the settings.py generated by django-adminstartproject, these consist of two items listed in yourINSTALLED_APPS setting:

  • 'django.contrib.auth' contains the core of the authentication framework,and its default models.
  • 'django.contrib.contenttypes' is the Django content type system, which allows permissions to be associated withmodels you create.and these items in your MIDDLEWARE setting:

  • SessionMiddleware managessessions across requests.

  • AuthenticationMiddleware associatesusers with requests using sessions.With these settings in place, running the command manage.py migrate createsthe necessary database tables for auth related models and permissions for anymodels defined in your installed apps.

Usage

Using Django’s default implementation

Customizing Users and authentication

Password management in Django