django-rest-auth/docs/configuration.rst

Configuration
=============

- **REST_AUTH_SERIALIZERS**

    You can define your custom serializers for each endpoint without overriding urls and views by adding ``REST_AUTH_SERIALIZERS`` dictionary in your django settings.
    Possible key values:

        - LOGIN_SERIALIZER - serializer class in ``dj_rest_auth.views.LoginView``, default value ``dj_rest_auth.serializers.LoginSerializer``

        - TOKEN_SERIALIZER - response for successful authentication in ``dj_rest_auth.views.LoginView``, default value ``dj_rest_auth.serializers.TokenSerializer``

        - JWT_SERIALIZER - (Using REST_USE_JWT=True) response for successful authentication in ``dj_rest_auth.views.LoginView``, default value ``dj_rest_auth.serializers.JWTSerializer``

        - JWT_TOKEN_CLAIMS_SERIALIZER - A custom JWT Claim serializer. Default is ``rest_framework_simplejwt.serializers.TokenObtainPairSerializer``

        - USER_DETAILS_SERIALIZER - serializer class in ``dj_rest_auth.views.UserDetailsView``, default value ``dj_rest_auth.serializers.UserDetailsSerializer``

        - PASSWORD_RESET_SERIALIZER - serializer class in ``dj_rest_auth.views.PasswordResetView``, default value ``dj_rest_auth.serializers.PasswordResetSerializer``

        - PASSWORD_RESET_CONFIRM_SERIALIZER - serializer class in ``dj_rest_auth.views.PasswordResetConfirmView``, default value ``dj_rest_auth.serializers.PasswordResetConfirmSerializer``

        - PASSWORD_CHANGE_SERIALIZER - serializer class in ``dj_rest_auth.views.PasswordChangeView``, default value ``dj_rest_auth.serializers.PasswordChangeSerializer``


    Example configuration:

    .. code-block:: python

        REST_AUTH_SERIALIZERS = {
            'LOGIN_SERIALIZER': 'path.to.custom.LoginSerializer',
            'TOKEN_SERIALIZER': 'path.to.custom.TokenSerializer',
            ...
        }

- **REST_AUTH_REGISTER_SERIALIZERS**

    You can define your custom serializers for registration endpoint.
    Possible key values:

        - REGISTER_SERIALIZER - serializer class in ``dj_rest_auth.registration.views.RegisterView``, default value ``dj_rest_auth.registration.serializers.RegisterSerializer``
    
        .. note:: The custom REGISTER_SERIALIZER must define a ``def save(self, request)`` method that returns a user model instance
- **REST_AUTH_TOKEN_MODEL** - path to model class for tokens, default value ``'rest_framework.authtoken.models.Token'``
- **REST_AUTH_TOKEN_CREATOR** - path to callable or callable for creating tokens, default value ``dj_rest_auth.utils.default_create_token``.
- **REST_SESSION_LOGIN** - Enable session login in Login API view (default: True)
- **REST_USE_JWT** - Enable JWT Authentication instead of Token/Session based. This is built on top of djangorestframework-simplejwt https://github.com/SimpleJWT/django-rest-framework-simplejwt, which must also be installed. (default: False)
- **JWT_AUTH_COOKIE** - The cookie name/key.
- **JWT_AUTH_SECURE** - If you want the cookie to be only sent to the server when a request is made with the https scheme (default: False).
- **JWT_AUTH_HTTPONLY** - If you want to prevent client-side JavaScript from having access to the cookie (default: True).
- **JWT_AUTH_SAMESITE** - To tell the browser not to send this cookie when performing a cross-origin request (default: 'Lax'). SameSite isn’t supported by all browsers.
- **OLD_PASSWORD_FIELD_ENABLED** - set it to True if you want to have old password verification on password change enpoint (default: False)
- **LOGOUT_ON_PASSWORD_CHANGE** - set to False if you want to keep the current user logged in after a password change
- **JWT_AUTH_COOKIE_USE_CSRF** -  Enables CSRF checks for only authenticated views when using the JWT cookie for auth. Does not effect a client's ability to authenticate using a JWT Bearer Auth header without a CSRF token.
- **JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED** - Enables CSRF checks for authenticated and unauthenticated views when using the JWT cookie for auth. It does not effect a client's ability to authenticate using a JWT Bearer Auth header without a CSRF token (though getting the JWT token in the first place without passing a CSRF token isnt possible).
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
+								Configuration
 								=============
-												update configuration doc

											
										
										
											2014-10-09 16:53:39 +04:00
+								- **REST_AUTH_SERIALIZERS**
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												update configuration doc

											
										
										
											2014-10-09 16:53:39 +04:00
+								    You can define your custom serializers for each endpoint without overriding urls and views by adding ``REST_AUTH_SERIALIZERS`` dictionary in your django settings.
 								    Possible key values:
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												Fix typos in the registration serializer documentation

											
										
										
											2020-03-21 13:10:51 +03:00
+								        - LOGIN_SERIALIZER - serializer class in ``dj_rest_auth.views.LoginView``, default value ``dj_rest_auth.serializers.LoginSerializer``
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												Fix typos in the registration serializer documentation

											
										
										
											2020-03-21 13:10:51 +03:00
+								        - TOKEN_SERIALIZER - response for successful authentication in ``dj_rest_auth.views.LoginView``, default value ``dj_rest_auth.serializers.TokenSerializer``
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												Fix typos in the registration serializer documentation

											
										
										
											2020-03-21 13:10:51 +03:00
+								        - JWT_SERIALIZER - (Using REST_USE_JWT=True) response for successful authentication in ``dj_rest_auth.views.LoginView``, default value ``dj_rest_auth.serializers.JWTSerializer``
-												Added tests for JWT, fixed merge issues

											
										
										
											2016-02-16 08:42:18 +03:00
-												Fixes docs

											
										
										
											2020-06-20 21:57:51 +03:00
+								        - JWT_TOKEN_CLAIMS_SERIALIZER - A custom JWT Claim serializer. Default is ``rest_framework_simplejwt.serializers.TokenObtainPairSerializer``
-												Adds docs

											
										
										
											2020-06-20 21:35:16 +03:00
-												Fix typos in the registration serializer documentation

											
										
										
											2020-03-21 13:10:51 +03:00
+								        - USER_DETAILS_SERIALIZER - serializer class in ``dj_rest_auth.views.UserDetailsView``, default value ``dj_rest_auth.serializers.UserDetailsSerializer``
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												Fix typos in the registration serializer documentation

											
										
										
											2020-03-21 13:10:51 +03:00
+								        - PASSWORD_RESET_SERIALIZER - serializer class in ``dj_rest_auth.views.PasswordResetView``, default value ``dj_rest_auth.serializers.PasswordResetSerializer``
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												Fix typos in the registration serializer documentation

											
										
										
											2020-03-21 13:10:51 +03:00
+								        - PASSWORD_RESET_CONFIRM_SERIALIZER - serializer class in ``dj_rest_auth.views.PasswordResetConfirmView``, default value ``dj_rest_auth.serializers.PasswordResetConfirmSerializer``
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												Fix typos in the registration serializer documentation

											
										
										
											2020-03-21 13:10:51 +03:00
+								        - PASSWORD_CHANGE_SERIALIZER - serializer class in ``dj_rest_auth.views.PasswordChangeView``, default value ``dj_rest_auth.serializers.PasswordChangeSerializer``
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												update configuration doc

											
										
										
											2014-10-09 16:53:39 +04:00
+								    Example configuration:
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												update configuration doc

											
										
										
											2014-10-09 16:53:39 +04:00
+								    .. code-block:: python
-												draft version of documentation

											
										
										
											2014-10-09 15:01:47 +04:00
-												update configuration doc

											
										
										
											2014-10-09 16:53:39 +04:00
+								        REST_AUTH_SERIALIZERS = {
 								            'LOGIN_SERIALIZER': 'path.to.custom.LoginSerializer',
 								            'TOKEN_SERIALIZER': 'path.to.custom.TokenSerializer',
 								            ...
 								        }
-												Change the variable name in the doc
											
										
										
											2016-02-25 23:37:08 +03:00
+								- **REST_AUTH_REGISTER_SERIALIZERS**
-												Rewrite registration logic

											
										
										
											2015-11-24 13:11:46 +03:00
 								    You can define your custom serializers for registration endpoint.
 								    Possible key values:
-												Fix typos in the registration serializer documentation

											
										
										
											2020-03-21 13:10:51 +03:00
+								        - REGISTER_SERIALIZER - serializer class in ``dj_rest_auth.registration.views.RegisterView``, default value ``dj_rest_auth.registration.serializers.RegisterSerializer``
-												Add note to docs for defining custom REGISTER_SERIALIZER

#198

											
										
										
											2016-12-01 06:49:25 +03:00
 								        .. note:: The custom REGISTER_SERIALIZER must define a ``def save(self, request)`` method that returns a user model instance
-												Use import_string for getting TokenModel instead of passing class

											
										
										
											2020-04-15 16:26:54 +03:00
+								- **REST_AUTH_TOKEN_MODEL** - path to model class for tokens, default value ``'rest_framework.authtoken.models.Token'``
 								- **REST_AUTH_TOKEN_CREATOR** - path to callable or callable for creating tokens, default value ``dj_rest_auth.utils.default_create_token``.
-												Add support for custom Token model

											
										
										
											2016-01-01 00:10:52 +03:00
+								- **REST_SESSION_LOGIN** - Enable session login in Login API view (default: True)
-												updated docs

											
										
										
											2020-03-11 13:15:32 +03:00
+								- **REST_USE_JWT** - Enable JWT Authentication instead of Token/Session based. This is built on top of djangorestframework-simplejwt https://github.com/SimpleJWT/django-rest-framework-simplejwt, which must also be installed. (default: False)
-												Support for Http-Only JWT Cookies

											
										
										
											2020-03-22 13:41:16 +03:00
+								- **JWT_AUTH_COOKIE** - The cookie name/key.
-												add secure and samesite jwt cookie support

											
										
										
											2020-06-15 18:12:41 +03:00
+								- **JWT_AUTH_SECURE** - If you want the cookie to be only sent to the server when a request is made with the https scheme (default: False).
 								- **JWT_AUTH_HTTPONLY** - If you want to prevent client-side JavaScript from having access to the cookie (default: True).
 								- **JWT_AUTH_SAMESITE** - To tell the browser not to send this cookie when performing a cross-origin request (default: 'Lax'). SameSite isn’t supported by all browsers.
-												version 0.3.1

											
										
										
											2014-11-12 14:18:12 +03:00
+								- **OLD_PASSWORD_FIELD_ENABLED** - set it to True if you want to have old password verification on password change enpoint (default: False)
-												Don't log the user out after change password - Django 1.7

											
										
										
											2015-10-18 07:20:50 +03:00
+								- **LOGOUT_ON_PASSWORD_CHANGE** - set to False if you want to keep the current user logged in after a password change
-												Updates Docs, Bumps Version

											
										
										
											2020-07-10 07:26:53 +03:00
+								- **JWT_AUTH_COOKIE_USE_CSRF** -  Enables CSRF checks for only authenticated views when using the JWT cookie for auth. Does not effect a client's ability to authenticate using a JWT Bearer Auth header without a CSRF token.
 								- **JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED** - Enables CSRF checks for authenticated and unauthenticated views when using the JWT cookie for auth. It does not effect a client's ability to authenticate using a JWT Bearer Auth header without a CSRF token (though getting the JWT token in the first place without passing a CSRF token isnt possible).