Hello everyone, I'm back with a boilerplate project that has saved my time and will hopefully save yours too.
Developers often don't want to take part in the hassle of setting up an authentication system every time a new project is started. I would rather find a boilerplate or package that accomplishes this task (I'm sure I speak for a lot of us by saying this). However, different projects require different ways to authenticate users. Some require email, others phone number, and finding that "perfect" boilerplate for our project can be a difficult task.
There are a lot of boilerplate projects for the default username-based authentication in Django, as well as email authentication. It's fairly easy to customize our Django project to use email instead of username for auth. However, I've not come across a boilerplate that satisfies my requirements for an authentication system using phone number and/or email together with verification. Even if they do, they are not up-to-date.
And I use a combination of the two (phone number and email) mostly in my projects, which is why I decided to create this boilerplate. I've used dj-rest-auth package, a fork of the no longer maintained, django-rest-auth package. I've also included third-party authentication using Google, password change, and reset endpoints. For phone verification I've used Twilio.
Let me know your feedback and anything you would like to see fixed about the project.
I hope this is something will find useful for your next project with room for customization. If you like it, don't forget to leave a star on GitHub.
Top comments (4)
Interesting. But why a boilerplate, Why not a pluggable app, that Django supports so well? And what are the shortcomings of django-mfa that you see?
pypi.org/project/django-mfa/
Hi Bernd, Thanks for the feeback :)
There is no special reason as to why I chose a boilerplate and not a pluggable app. Creating a boilerplate for the task I've been doing a lot came off straightforward.
And I've not seen django-mfa before, but looking at it now, it says that it allows users to authenticate through text message(SMS) or using a token generator app. Does it allow email authentication as well? and also is it compatible with Django version 4?
Can't say, I've only bookmarked as a to-do, to explore using it on my site when I need user logins and such more than at present (I'm still on an internal alpha). Which is why I have an eye open for solutions in this space. Surely the dream of a Django site admin is to have login systems like the big players do, MFA and password recovery, and social media authentication via Google, FB, GitHub etc.
Agree!