Welcome to JWT Allauth
======================
JWT Allauth delivers **SIMPLE** authentication for the Django REST module, based on robust frameworks configured in an **efficient** and stateless way through **JWT** access/refresh token architecture. The token whitelisting system ensures granular control over user sessions while maintaining minimal database overhead.
With **JWT Allauth**, gain peace of mind through enterprise-grade security while dedicating your energy to building your app's unique value proposition.
Features
--------
- **Low database load**: Designed to minimize database queries through stateless JWT token authentication.
- Token whitelisting system: Implements a refresh token whitelist tied to specific device sessions.
- **Enhanced security**: Enables revoking access to specific devices or all devices simultaneously.
- Automatic token renewal: Active sessions for extended periods without reauthentication, ideal for **mobile apps**.
- Email verification: Includes a full **REST email verification** system during user registration.
- Comprehensive user management: Features password recovery, email-based authentication, and session logout.
- **Effortless setup**: Get your project up and running with a single command.
Why whitelisting?
-----------------
The refresh token whitelist tracks devices **authorized by the user**, stored in the database to verify refresh tokens during access token renewal requests.
This system empowers users to **revoke access** to stolen/lost devices or log out of all sessions simultaneously. Refresh tokens are regenerated upon each use, ensuring active session tracking. If a refresh token is reused, the system invalidates both tokens and terminates the session tied to the compromised device.
Refresh token auto-renewal enables extended active sessions without repeated logins—ideal for **mobile apps**, where users shouldn’t need to reauthenticate every time they open the app.
Access tokens provide short-lived authentication credentials (via JWT), enabling stateless API access. This approach **minimizes database load** by eliminating per-request database queries.
Quick Start
-----------
Install using ``pip``...
pip install django-jwt-allauth
You can quickly start a new Django project with JWT Allauth pre-configured using the `startproject` command:
jwt-allauth startproject myproject
This will create a new Django project called `myproject` with JWT Allauth pre-configured. Then:
cd myproject
python manage.py makemigrations
python manage.py migrate
python manage.py runserver
Available options:
- `--email=True` - Enables email configuration in the project
- `--template=PATH` - Uses a custom template directory for project creation
Email verification
------------------
To enable the email verification, configure the email provider in your ``settings.py`` file.
EMAIL_VERIFICATION = True
EMAIL_HOST = ...
EMAIL_PORT = ...
EMAIL_HOST_USER = ...
EMAIL_HOST_PASSWORD = ...
EMAIL_USE_TLS = ...
DEFAULT_FROM_EMAIL = ...
Redirection URLs
----------------
The relative url to be redirected once the email verified can be configured through:
EMAIL_VERIFIED_REDIRECT = ...
The relative url with the form to set the new password on password reset:
PASSWORD_RESET_REDIRECT = ...
If not configured, users will be redirected to the default password reset form at ``/jwt-allauth/password/reset/default/``. This form provides a modern, responsive interface for password reset with proper form validation and error handling.
Templates
---------
The templates can be configured in a JWT_ALLAUTH_TEMPLATES dictionary:
- ``PASS_RESET_SUBJECT`` - subject of the password reset email (default: ``email/password/reset_email_subject.txt``).
- ``PASS_RESET_EMAIL`` - template of the password reset email (default: ``email/password/reset_email_message.html``).
- ``EMAIL_VERIFICATION_SUBJECT`` - subject of the signup email verification sent (default: ``email/signup/email_subject.txt``).
- ``EMAIL_VERIFICATION`` - template of the signup email verification sent (default: ``email/signup/email_message.html``).
Example:
JWT_ALLAUTH_TEMPLATES = {
'PASS_RESET_SUBJECT': 'mysite/templates/password_reset_subject.txt',
...
}
Acknowledgements
----------------
This project began as a fork of django-rest-auth. Thanks to the authors for their great work.
Raw data
{
"_id": null,
"home_page": null,
"name": "django-jwt-allauth",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "django, rest, auth, registration, rest-framework, django-registration, api, allauth, jwt, whitelist",
"author": null,
"author_email": "Fernando Castellanos <fcastellanos.dev@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/cb/75/90cf5266172f76d322ad075637cbc0bf45cc41c39fa09a37d113906f6b3c/django_jwt_allauth-1.1.1.tar.gz",
"platform": null,
"description": "Welcome to JWT Allauth\n======================\n\nJWT Allauth delivers **SIMPLE** authentication for the Django REST module, based on robust frameworks configured in an **efficient** and stateless way through **JWT** access/refresh token architecture. The token whitelisting system ensures granular control over user sessions while maintaining minimal database overhead.\n\nWith **JWT Allauth**, gain peace of mind through enterprise-grade security while dedicating your energy to building your app's unique value proposition.\n\n\nFeatures\n--------\n\n- **Low database load**: Designed to minimize database queries through stateless JWT token authentication.\n- Token whitelisting system: Implements a refresh token whitelist tied to specific device sessions.\n- **Enhanced security**: Enables revoking access to specific devices or all devices simultaneously.\n- Automatic token renewal: Active sessions for extended periods without reauthentication, ideal for **mobile apps**.\n- Email verification: Includes a full **REST email verification** system during user registration.\n- Comprehensive user management: Features password recovery, email-based authentication, and session logout.\n- **Effortless setup**: Get your project up and running with a single command.\n\n\nWhy whitelisting?\n-----------------\n\nThe refresh token whitelist tracks devices **authorized by the user**, stored in the database to verify refresh tokens during access token renewal requests.\n\nThis system empowers users to **revoke access** to stolen/lost devices or log out of all sessions simultaneously. Refresh tokens are regenerated upon each use, ensuring active session tracking. If a refresh token is reused, the system invalidates both tokens and terminates the session tied to the compromised device.\n\nRefresh token auto-renewal enables extended active sessions without repeated logins\u2014ideal for **mobile apps**, where users shouldn\u2019t need to reauthenticate every time they open the app.\n\nAccess tokens provide short-lived authentication credentials (via JWT), enabling stateless API access. This approach **minimizes database load** by eliminating per-request database queries.\n\n\nQuick Start\n-----------\n\nInstall using ``pip``...\n\n pip install django-jwt-allauth\n\nYou can quickly start a new Django project with JWT Allauth pre-configured using the `startproject` command:\n\n jwt-allauth startproject myproject\n\nThis will create a new Django project called `myproject` with JWT Allauth pre-configured. Then:\n\n cd myproject\n python manage.py makemigrations\n python manage.py migrate\n python manage.py runserver\n\nAvailable options:\n- `--email=True` - Enables email configuration in the project\n- `--template=PATH` - Uses a custom template directory for project creation\n\n\nEmail verification\n------------------\n\nTo enable the email verification, configure the email provider in your ``settings.py`` file.\n\n EMAIL_VERIFICATION = True\n EMAIL_HOST = ...\n EMAIL_PORT = ...\n EMAIL_HOST_USER = ...\n EMAIL_HOST_PASSWORD = ...\n EMAIL_USE_TLS = ...\n DEFAULT_FROM_EMAIL = ...\n\n\nRedirection URLs\n----------------\n\nThe relative url to be redirected once the email verified can be configured through:\n\n EMAIL_VERIFIED_REDIRECT = ...\n\nThe relative url with the form to set the new password on password reset:\n\n PASSWORD_RESET_REDIRECT = ...\n\nIf not configured, users will be redirected to the default password reset form at ``/jwt-allauth/password/reset/default/``. This form provides a modern, responsive interface for password reset with proper form validation and error handling.\n\n\nTemplates\n---------\n\nThe templates can be configured in a JWT_ALLAUTH_TEMPLATES dictionary:\n\n - ``PASS_RESET_SUBJECT`` - subject of the password reset email (default: ``email/password/reset_email_subject.txt``).\n - ``PASS_RESET_EMAIL`` - template of the password reset email (default: ``email/password/reset_email_message.html``).\n - ``EMAIL_VERIFICATION_SUBJECT`` - subject of the signup email verification sent (default: ``email/signup/email_subject.txt``).\n - ``EMAIL_VERIFICATION`` - template of the signup email verification sent (default: ``email/signup/email_message.html``).\n\nExample:\n\n JWT_ALLAUTH_TEMPLATES = {\n 'PASS_RESET_SUBJECT': 'mysite/templates/password_reset_subject.txt',\n ...\n }\n\n\nAcknowledgements\n----------------\nThis project began as a fork of django-rest-auth. Thanks to the authors for their great work.\n",
"bugtrack_url": null,
"license": null,
"summary": "Powerful JWT-allauth authentication for Django REST Framework that keeps the device session alive by renewing and whitelisting the refresh token.",
"version": "1.1.1",
"project_urls": {
"Documentation": "https://jwt-allauth.readthedocs.io/",
"Homepage": "https://github.com/castellanos-dev/jwt-allauth",
"Repository": "https://github.com/castellanos-dev/jwt-allauth"
},
"split_keywords": [
"django",
" rest",
" auth",
" registration",
" rest-framework",
" django-registration",
" api",
" allauth",
" jwt",
" whitelist"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "d2e22f5983d4fe433f62b6f5bf03530032f7ca30f04b3388af134872a336137a",
"md5": "42424821b0940ee862813e7eee8a773d",
"sha256": "e52b4d6d56ffbc62757fe73f943c70c78a55ee99402aef36c1663228602c24e8"
},
"downloads": -1,
"filename": "django_jwt_allauth-1.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "42424821b0940ee862813e7eee8a773d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 66991,
"upload_time": "2025-10-11T16:53:18",
"upload_time_iso_8601": "2025-10-11T16:53:18.364025Z",
"url": "https://files.pythonhosted.org/packages/d2/e2/2f5983d4fe433f62b6f5bf03530032f7ca30f04b3388af134872a336137a/django_jwt_allauth-1.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "cb7590cf5266172f76d322ad075637cbc0bf45cc41c39fa09a37d113906f6b3c",
"md5": "24d5cf95eb5324c877b86fc00f363321",
"sha256": "5f3cf8dc3ea28893a498e4ff0a2086e279803ca2c7378d7e14a5b978084e6dfb"
},
"downloads": -1,
"filename": "django_jwt_allauth-1.1.1.tar.gz",
"has_sig": false,
"md5_digest": "24d5cf95eb5324c877b86fc00f363321",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 41818,
"upload_time": "2025-10-11T16:53:19",
"upload_time_iso_8601": "2025-10-11T16:53:19.880144Z",
"url": "https://files.pythonhosted.org/packages/cb/75/90cf5266172f76d322ad075637cbc0bf45cc41c39fa09a37d113906f6b3c/django_jwt_allauth-1.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-11 16:53:19",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "castellanos-dev",
"github_project": "jwt-allauth",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "django-jwt-allauth"
}
JSON
