Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I

User authentication and management are foundational features when starting a new project. Because these tasks are often repeated, various packages have been developed to streamline the process, allowing developers to focus on other aspects of their projects. One such package is Djoser, which integrates seamlessly with Django REST Framework (DRF) to handle authentication and user management. In this guide, I’ll walk you through building a full user authentication system using Djoser, including setting up email functionality and custom email templates.

Setting Up the Project

Start by creating a directory for your project:

mkdir userauth

Navigate to the new directory in your preferred IDE, set up a virtual environment and activate it

python venv .venv
source .venv/bin/activate

Next, install the necessary packages:

pip install django djangorestframework djoser djangorestframework_simplejwt social-auth-app-django drf-yasg

Note: Some dependencies, such as social-auth-app-django, might be installed automatically with Djoser. If so, you can skip explicitly adding them

Once installed, generate a requirements.txt file to track your dependencies:

pip freeze > requirements.txt

You should see all the installed packages listed in the requirements.txt file, including any dependencies.

Create the Django Project and get the server running

django-admin startapp userauth . 

This will create the django project. We then need to create an app inside our project

python manage.py startapp accounts

Your project directory should now contain the following:

• .venv (virtual environment)

• accounts/ (authentication app)

• userauth/ (main project folder)

• manage.py

• requirements.txt

Configuring the Project

Add the required packages and apps to the INSTALLED_APPS section in settings.py:

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

     # Third Party Apps
    'rest_framework',
    'djoser',
    'rest_framework_simplejwt',
    'drf_yasg',

    # Local Apps
    'accounts',
]

Update your settings.py to include configurations for Django REST Framework and SimpleJWT:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
}

Let's create our custom user model since
create managers.py file in the accounts folder
accounts/managers.py

from django.contrib.auth.models import BaseUserManager


class CustomUserManager(BaseUserManager):

    def create_user(self, email, username, password=None, **extra_fields) -> None:

        if not username:
            raise ValueError("Username is required")

        if not email:
            raise ValueError("Email is required")


        email = self.normalize_email(email)
        user = self.model(email=email, username=username, **extra_fields)
        user.set_password(password)
        user.save()
        return user


    def create_superuser(self, email, username, password, **extra_fields):
        """
        Create and save a SuperUser with the given email and password.
        """
        extra_fields.setdefault("is_staff", True)
        extra_fields.setdefault("is_superuser", True)
        extra_fields.setdefault("is_active", True)

        if extra_fields.get("is_staff") is not True:
            raise ValueError("Superuser must have is_staff=True.")

        if extra_fields.get("is_superuser") is not True:
            raise ValueError("Superuser must have is_superuser=True.")

        return self.create_user(email, username, password, **extra_fields)

accounts/models.py

from django.db import models
from django.contrib.auth.models import AbstractUser
from accounts.managers import CustomUserManager



class CustomUser(AbstractUser):
    username = None
    email = models.EmailField(unique=True)
    is_verified = models.BooleanField(default=False)


    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = []

    objects = CustomUserManager()


    def __str__(self):
        return self.email

Add this line in your settings.py file

AUTH_USER_MODEL = 'accounts.CustomUser'

We can go ahead to make our migrations then run the local development server

python manage.py makemigrations
python manage.py migrate
python manage.py runserver

There should be no issues up to this point.

Configuring Djoser URLs

Include the URLs that Djoser provides in your project’s URL patterns, along with Swagger for API documentation:

userauth/urls.py

from django.contrib import admin
from django.urls import include, path
from rest_framework import permissions
from drf_yasg.views import get_schema_view
from drf_yasg import openapi


schema_view = get_schema_view(
    openapi.Info(
        title="User Accounts API",
        default_version="v1",
        description="REST implementation of Django authentication system using Djoser",
        contact=openapi.Contact(email="contact@snippets.local"),
        license=openapi.License(name="BSD License"),
    ),
    public=True,
    permission_classes=(permissions.AllowAny,),
)

urlpatterns = [
    path('admin/', admin.site.urls),
    path('api/docs', schema_view.with_ui("swagger", cache_timeout=0), name="swagger-ui"),
    path('api/', include('djoser.urls')), 
    path('api/', include('djoser.urls.jwt'))
]

Go to http://127.0.0.1:8000/api/docs/ in your browser to view the API documentation.

Configuring Djoser Settings

All settings that can be configured for djoser can be found here Djoser settings

userauth/settings.py

mkdir userauth

Here we are requiring users to receive an activation email. The activation url is the link sent to the user's email for them to click. The token and uid needs to be extracted and a post request sent with them as the body to the activation route in your project

Configuring Email Sending

Finally we need to configure email sending. I'll be using mailtrap for email sending. You can choose to send the email to the console or whatever email service you choose.

For sending the email to your console

python venv .venv
source .venv/bin/activate

Using external mail service

pip install django djangorestframework djoser djangorestframework_simplejwt social-auth-app-django drf-yasg

Replace the placeholders with the correct credentials

To test this out, we'll use postman to test it out.

Creating a new user

Then the activation email sent to the user

Customizing Email Templates

Let's customize the email template a little
Create a template folder in the accounts directory, then create an email folder and go ahead to create template folder in there

accounts/templates/email/activation_email.py
We customize the default email that comes with djoser

pip freeze > requirements.txt

To customize the site name in the template, add this line to the djoser setting

django-admin startapp userauth . 

The email template looks like this now

Extending Activation View

For the last part of this article, let work on the email verification.
We start by customizing the activation view in accounts/views.py:

accounts/views.py

python manage.py startapp accounts

We are extending the activation view on djoser to customize it and set the is_verified field on our user model to true

accounts/urls.py

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

     # Third Party Apps
    'rest_framework',
    'djoser',
    'rest_framework_simplejwt',
    'drf_yasg',

    # Local Apps
    'accounts',
]

Urls file in the project level
userauth/urls.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
}

To test this out create a new test user and click the activation url sent to the email.
You get to this page, because the url does not exist in our project

from the url extract the uid and token and make a post request to the activation route you defined in your accounts/urls.py file

from the screenshot, my route is ;

mkdir userauth

The uid is MTY
The token is cil456-aaf8331efb885f0b4412f35ce544648c

Using the parameters to make a post request to the activate endpoint

This concludes the tutorial for setting up user authentication with Djoser. You now have a functional authentication system with email activation and customizable templates. In the second part of this series, we’ll explore social authentication, enabling users to sign up and log in using third-party services like Google, Facebook, and GitHub. Stay tuned for more!

If you have any questions or feedback, feel free to leave a comment.

The above is the detailed content of Step-by-Step Guide to User Authentication with Django, Djoser, and JWT: Part I. For more information, please follow other related articles on the PHP Chinese website!