(In editing) Setting Django REST Framework + Google Authentication - Overall

# Setting Django REST Framework + Google Authentication - Overall ## Overview ## Packages to use and configuring settings.py - djangorestframework-simplejwt Simple JWT provides a JSON Web Token authentication backend for the Django REST Framework. It aims to cover the most common use cases of JWTs by offering a conservative set of default features. It also aims to be easily extensible in case a desired feature is not present Add following configurations: ``` REST_FRAMEWORK = { ... 'DEFAULT_AUTHENTICATION_CLASSES': ( ... 'rest_framework_simplejwt.authentication.JWTAuthentication', ) ... } ``` - django-allauth Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. Add following configurations: ``` INSTALLED_APPS = [ ... 'allauth', 'allauth.account', 'allauth.socialaccount', #include the providers you want to enable: 'allauth.socialaccount.providers.google', ] SOCIALACCOUNT_PROVIDERS = { "google": { "SCOPE": [ "profile", "email", ], "AUTH_PARAMS": { "access_type": "online", } } } ``` - PyJWT PyJWT is a Python library which allows you to encode and decode JSON Web Tokens (JWT). JWT is an open, industry-standard (RFC 7519) for representing claims securely between two parties. - dj-rest-auth dj-rest-auth is a set of REST API endpoints to handle User Registration and Authentication tasks. We use this package as allauth package doesn't provide functionality for REST API using DRF. Add following configurations: ``` INSTALLED_APPS = [ ... 'dj_rest_auth', 'dj_rest_auth.registrations', ] *This project depends on django-rest-framework library, so install it if you haven’t done yet. Make sure also you have installed rest_framework and rest_framework.authtoken apps ``` Then, enable JWT authentication ``` REST_FRAMEWORK = { ... 'DEFAULT_AUTHENTICATION_CLASSES': ( ... 'dj_rest_auth.jwt_auth.JWTCookieAuthentication', ) ... } ``` Adding REST_AUTH_SERIALIZERS in your django settings, You can define your custom serializers for each endpoint without overriding urls and views. More info: https://dj-rest-auth.readthedocs.io/en/latest/configuration.html - Substituting a custom User model¶ ``` AUTH_USER_MODEL = 'accounts.CustomUser' ``` Refer to : https://docs.djangoproject.com/en/4.1/topics/auth/customizing/ ## Adding end-points to urls.py (inside project's folder) ``` Add dj_rest_auth urls: urlpatterns = [ ..., path('dj-rest-auth/', include('dj_rest_auth.urls')) ] ``` ## Extending the default User Model To handle user accounts, groups, permissions etc., we can use Django's built-in user authentication system but the official document says that "If you’re starting a new project, it’s highly recommended to set up a custom user model, even if the default User model is sufficient for you" (Django Software Foundation). [Customizing authentication in Django] https://docs.djangoproject.com/en/4.1/topics/auth/customizing/ - django.contrib.auth - ## References djangorestframework-simplejwt https://django-rest-framework-simplejwt.readthedocs.io/en/latest/ django-allauth https://django-allauth.readthedocs.io/en/latest/ PyJWT https://pyjwt.readthedocs.io/en/stable/ dj-rest-auth https://dj-rest-auth.readthedocs.io/en/latest/introduction.html