Welcome to JWT Allauth

JWT Allauth delivers SIMPLE authentication for the Django REST module, based on robust frameworks configured in an efficient and stateless way through JWT access/refresh token architecture. The token whitelisting system ensures granular control over user sessions while maintaining minimal database overhead.

With JWT Allauth, gain peace of mind through enterprise-grade security while dedicating your energy to building your app’s unique value proposition.

Features

• Low database load: Designed to minimize database queries through stateless JWT token authentication.

• Token whitelisting system: Implements a refresh token whitelist tied to specific device sessions.

• Enhanced security: Enables revoking access to specific devices or all devices simultaneously.

• Automatic token renewal: Active sessions for extended periods without reauthentication, ideal for mobile apps.

• Email verification: Includes a full REST email verification system during user registration.

• Comprehensive user management: Features password recovery, email-based authentication, and session logout.

• Effortless setup: Get your project up and running with a single command.

Why whitelisting?

The refresh token whitelist tracks devices authorized by the user, stored in the database to verify refresh tokens during access token renewal requests.

This system empowers users to revoke access to stolen/lost devices or log out of all sessions simultaneously. Refresh tokens are regenerated upon each use, ensuring active session tracking. If a refresh token is reused, the system invalidates both tokens and terminates the session tied to the compromised device.

Refresh token auto-renewal enables extended active sessions without repeated logins—ideal for mobile apps, where users shouldn’t need to reauthenticate every time they open the app.

Access tokens provide short-lived authentication credentials (via JWT), enabling stateless API access. This approach minimizes database load by eliminating per-request database queries.

Quick Start

Install using pip…

pip install django-jwt-allauth

You can quickly start a new Django project with JWT Allauth pre-configured using the startproject command:

jwt-allauth startproject myproject

This will create a new Django project called “myproject” with JWT Allauth pre-configured. Then:

cd myproject
python manage.py makemigrations
python manage.py migrate
python manage.py runserver

Available options:

• --email=True - Enables email configuration in the project

• --template=PATH - Uses a custom template directory for project creation

Source Code

The source code is available at GitHub.

Contents

Contents:

• Installation
  • Quick Start
  • Installation for existing projects
• API endpoints
  • Authentication
  • Registration
• Email verification
• Password Reset
  • Overview
  • Configuration
• Configuration
  • settings.py
  • Serializers
  • User Model
  • Refresh token
• View Permissions
  • Usage example
• Test utils
  • Usage example
• JWT Allauth modules
  • Modules
  • Submodules
  • jwt_allauth.adapter module
  • jwt_allauth.exceptions module
  • jwt_allauth.utils module
  • jwt_allauth.test module
  • jwt_allauth.permissions module
  • jwt_allauth.apps module
• Authors
• Release Notes
  • Version 1.0.2

Acknowledgements

This project began as a fork of django-rest-auth. Thanks to the authors for their great work.