Configuration

dj-rest-auth behaviour can be controlled by adjust settings in settings.py:

# Django project settings.py

...

REST_AUTH = {
    'LOGIN_SERIALIZER': 'dj_rest_auth.serializers.LoginSerializer',
    'TOKEN_SERIALIZER': 'dj_rest_auth.serializers.TokenSerializer',
    'JWT_SERIALIZER': 'dj_rest_auth.serializers.JWTSerializer',
    'JWT_SERIALIZER_WITH_EXPIRATION': 'dj_rest_auth.serializers.JWTSerializerWithExpiration',
    'JWT_TOKEN_CLAIMS_SERIALIZER': 'rest_framework_simplejwt.serializers.TokenObtainPairSerializer',
    'USER_DETAILS_SERIALIZER': 'dj_rest_auth.serializers.UserDetailsSerializer',
    'PASSWORD_RESET_SERIALIZER': 'dj_rest_auth.serializers.PasswordResetSerializer',
    'PASSWORD_RESET_CONFIRM_SERIALIZER': 'dj_rest_auth.serializers.PasswordResetConfirmSerializer',
    'PASSWORD_CHANGE_SERIALIZER': 'dj_rest_auth.serializers.PasswordChangeSerializer',

    'REGISTER_SERIALIZER': 'dj_rest_auth.registration.serializers.RegisterSerializer',

    'REGISTER_PERMISSION_CLASSES': ('rest_framework.permissions.AllowAny',),

    'TOKEN_MODEL': 'rest_framework.authtoken.models.Token',
    'TOKEN_CREATOR': 'dj_rest_auth.utils.default_create_token',

    'PASSWORD_RESET_USE_SITES_DOMAIN': False,
    'OLD_PASSWORD_FIELD_ENABLED': False,
    'LOGOUT_ON_PASSWORD_CHANGE': False,
    'SESSION_LOGIN': True,
    'USE_JWT': False,

    'JWT_AUTH_COOKIE': None,
    'JWT_AUTH_REFRESH_COOKIE': None,
    'JWT_AUTH_REFRESH_COOKIE_PATH': '/',
    'JWT_AUTH_SECURE': False,
    'JWT_AUTH_HTTPONLY': True,
    'JWT_AUTH_SAMESITE': 'Lax',
    'JWT_AUTH_RETURN_EXPIRATION': False,
    'JWT_AUTH_COOKIE_USE_CSRF': False,
    'JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED': False,
}

Above, the default values for these settings are shown.

LOGIN_SERIALIZER

The path to the serializer class for the login in dj_rest_auth.views.LoginView. The value is the dotted path to dj_rest_auth.serializers.LoginSerializer, which is also the default.

TOKEN_SERIALIZER

The path to the serializer class for the Token response on successful authentication in dj_rest_auth.views.LoginView. The value is the dotted path to dj_rest_auth.serializers.TokenSerializer, which is also the default.

JWT_SERIALIZER

The path to the serializer class for the JWT response on successful authentication in dj_rest_auth.views.LoginView. The value is the dotted path to dj_rest_auth.serializers.JWTSerializer, which is also the default. Requires USE_JWT=True in settings.

JWT_SERIALIZER_WITH_EXPIRATION

The path to the serializer class for the JWT response with its expiration time on successful authentication in dj_rest_auth.views.LoginView. The value is the dotted path to dj_rest_auth.serializers.JWTSerializerWithExpiration, which is also the default. Requires USE_JWT=True in settings.

JWT_TOKEN_CLAIMS_SERIALIZER

The path to the serializer class for the JWT Claims on successful authentication in dj_rest_auth.views.LoginView. The value is the dotted path to rest_framework_simplejwt.serializers.TokenObtainPairSerializer, which is also the default. Requires USE_JWT=True in settings.

USER_DETAILS_SERIALIZER

The path to the serializer class for the User details in dj_rest_auth.views.UserDetailsView. The value is the dotted path to dj_rest_auth.serializers.UserDetailsSerializer, which is also the default.

PASSWORD_RESET_SERIALIZER

The path to the serializer class for the password reset in dj_rest_auth.views.PasswordResetView. The value is the dotted path to dj_rest_auth.serializers.PasswordResetSerializer, which is also the default.

PASSWORD_RESET_CONFIRM_SERIALIZER

The path to the serializer class for the password reset confirm in dj_rest_auth.views.PasswordResetConfirmView. The value is the dotted path to dj_rest_auth.serializers.PasswordResetConfirmSerializer, which is also the default.

PASSWORD_CHANGE_SERIALIZER

The path to the serializer class for the password change in dj_rest_auth.views.PasswordChangeView. The value is the dotted path to dj_rest_auth.serializers.PasswordChangeSerializer, which is also the default.

REGISTER_SERIALIZER

The path to the serializer class for the register in dj_rest_auth.registration.views.RegisterView. The value is the dotted path to dj_rest_auth.registration.serializers.RegisterSerializer, which is also the default.

Note

The custom REGISTER_SERIALIZER must define a def save(self, request) method that returns a user model instance.

REGISTER_PERMISSION_CLASSES

A tuple that contains paths to the permission classes for the register in dj_rest_auth.registration.views.RegisterView. The value is the dotted path to path.to.another.permission.class. rest_framework.permissions.AllowAny is included by default.

TOKEN_MODEL

The path to the model class for the token. The value is the dotted path to rest_framework.authtoken.models.Token, which is also the default. If set to None token authentication will be disabled. In this case at least one of SESSION_LOGIN or USE_JWT must be enabled.

TOKEN_CREATOR

The path to callable for creating tokens. The value is the dotted path to dj_rest_auth.utils.default_create_token, which is also the default.

PASSWORD_RESET_USE_SITES_DOMAIN

If set to True, the domain in the password reset e-mail will be set to the domain you defined in django.contrib.sites module with SITE_ID=1. Default is False.

OLD_PASSWORD_FIELD_ENABLED

If set to True, old password verification in dj_rest_auth.views.PasswordChangeView will be added. Default is False.

LOGOUT_ON_PASSWORD_CHANGE

If set to True, current user will be logged out after a password change. Default is False.

SESSION_LOGIN

If set to True, session login in dj_rest_auth.views.LoginView will be enabled. Default is True.

USE_JWT

If set to True, JWT Authentication in dj_rest_auth.views.LoginView will be used instead of Token or Session based login. Default is False.

Note

JWT Authentication in dj-rest-auth is built on top of djangorestframework-simplejwt https://github.com/SimpleJWT/django-rest-framework-simplejwt. You must install it in order to be able to use JWT Authentication in dj-rest-auth.

JWT_AUTH_SECURE

If set to True, the cookie will only be sent through https scheme. Default is False.

JWT_AUTH_HTTPONLY

If set to True, the client-side JavaScript will not be able to access the cookie. Default is True.

Note

refresh_token will not be sent if JWT_AUTH_HTTPONLY set to True, set it to False if you need refresh_token.

JWT_AUTH_SAMESITE

To tell the browser not to send this cookie when performing a cross-origin request. Default is 'Lax'. SameSite isn’t supported by all browsers.

JWT_AUTH_RETURN_EXPIRATION

If set to True, the access_token and refresh_token expiration time will be included in response on successful JWT Authentication in dj_rest_auth.views.LoginView. Default is False.