Authentication is the most common feature of any web application. we will build a Login API and a Register API using Django Rest Framework and JWT Authentication with djangorestframework-simplejwt.
Prerequisites
- Python installed on your system
- Django installed (pip install django)
Settings Up the Project
1. Create a Django Project
django-admin startproject auth
cd auth
python manage.py startapp accounts
2. installed some required libraries
pip install django djangorestframework djangorestframework-simplejwt
Add the following apps the your INSTALLED_APPS in settings.py.
INSTALLED_APPS = [
...
'rest_framework',
'rest_framework_simplejwt',
'your_app_name',
]
Configure REST_FRAMEWORK to use JWTAuthentication
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
}
Creating Serializers
We will create serailizers for login and registration.
LoginSerializer.py
This serializer handle login data (username and password)
from rest_framework import serializers
class LoginSerializer(serializers.Serializer):
username = serializers.CharField()
password = serializers.CharField()
RegisterSerailizer.py
This serializer validates regster data and also checks password validation and also checks if the email is unique or not.
from .models import User
from rest_framework import serializers
class RegisterSerializer(serializers.ModelSerializer):
password = serializers.CharField(write_only=True)
confirm_password = serializers.CharField(write_only=True)
first_name = serializers.CharField()
last_name = serializers.CharField()
class Meta:
model = User
fields = ['first_name', 'last_name', 'email', 'password', 'confirm_password']
def validate(self, data):
if data['password'] != data['confirm_password']:
raise serializers.ValidationError({"password": "Passwords do not match."})
if User.objects.filter(email=data["email"]).exists():
raise serializers.ValidationError({"email": "A user with this email already exists."})
return data
def create(self, validated_data):
validated_data.pop('confirm_password')
user = User.objects.create_user(
username=validated_data['email'], # Use email as username
email=validated_data['email'],
password=validated_data['password'],
first_name=validated_data['first_name'],
last_name=validated_data['last_name'],
)
return user
Creating a View
We will use Django rest framework (DRF) to define two enpoints: LogInAPI and RegisterAPI:
LoginAPI
This API authenticates the user and returns a JWT token and user details if the user is valid.
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework_simplejwt.tokens import RefreshToken
from rest_framework import status
from django.contrib.auth import authenticate
from .serializer import LoginSerializer
class LoginAPI(APIView):
def post(self, request):
serializer = LoginSerializer(data=request.data)
if serializer.is_valid():
username = serializer.validated_data['username']
password = serializer.validated_data['password']
user = authenticate(username=username, password=password)
if user is not None:
refresh = RefreshToken.for_user(user)
user_data = {
"id": user.id,
"username": user.username,
"email": user.email,
"first_name": user.first_name,
"last_name": user.last_name,
}
return Response({
'status': 200,
'message': 'Login successful',
'data': {
'refresh': str(refresh),
'token': str(refresh.access_token),
'user': user_data,
}
}, status=status.HTTP_200_OK)
return Response({
'status': 400,
'message': 'Invalid username or password'
}, status=status.HTTP_400_BAD_REQUEST)
return Response({
'status': 400,
'message': 'Validation errors',
'errors': serializer.errors
}, status=status.HTTP_400_BAD_REQUEST)
Register API
This API validates and saves new users.
from .serializer import RegisterSerializer
class RegisterAPI(APIView):
def post(self, request):
serializer = RegisterSerializer(data=request.data)
if serializer.is_valid():
user = serializer.save()
user_data = {
"id": user.id,
"username": user.username,
"first_name": user.first_name,
"last_name": user.last_name,
"email": user.email
}
return Response({
'status': 201,
'message': 'User registered successfully',
'data': user_data,
}, status=status.HTTP_201_CREATED)
return Response({
'status': 400,
'message': 'Validation errors',
'errors': serializer.errors,
}, status=status.HTTP_400_BAD_REQUEST)
Defining URLs
Map these APIs in the urls.py file:
from django.urls import path
from .views import LoginAPI, RegisterAPI
urlpatterns = [
path('login', LoginAPI.as_view(), name='login'),
path('register', RegisterAPI.as_view(), name='register'),
]
map accounts app in main urls.py
from django.urls import path, include,
urlpatterns = [
....
path('accounts/', include('accounts.urls')),
]
Testing the APIs
We will test the using Postman.
Register API
Login API
Conclusion
With the Login and Register APIs, your application is now equipped with JWT-based authentication. This implementation is secure, scalable, and easy to integrate into frontend frameworks like React, Angular, or Vue.
Have questions or need further assistance? Leave a comment below! 😊
Login to leave a comment.