Understanding Django authentication

Thursday 5:00 pm to 5:50 pm, in Salon A-E

About This Talk

Django provides us with a great built-in authentication system. Although it is an awesome asset for doing web development strictly with Django, when you try to do something a bit out of the box, you’ll need to integrate with other options.

Single-page applications, APIs, distributed systems, single sign-on, and social login are just some of the cases where we need to go beyond the Django authentication/session system and do something new. Techniques like OAuth2, Token, and JWT are just a few that we can use nowadays, but how do they integrate with Django? And what do we do when we have requirements that don’t fit into already existing solutions?

You need to understand how auth works, and it’s not hard. Understanding it at a base level makes more advanced authentication systems easier to implement.

In this talk, we’re going to walk through Django internals to understand what happens when you log in to a website and, afterwards, when a request needs to be authorized to perform actions on our application.

We’ll also look at how third-party authentication apps work and which technique to choose for each case, and we’ll create a custom auth for an edge case.

  • Introduction (1 min)
  • Authentication, HTTP and RFCs (6 min)
  • Session-based authentication (4 min)
  • Django Authentication System (6 min)
  • OAuth2 (6 min)
  • JWT (4 min)
  • Token-based authentication (3 min)
  • Extending Django’s authentication system (6 min)


    Renato Oliveira

    Co-founder at Labcodes Software studio, a Brazilian-based software development/consulting firm. I’m passionate about communities and how they can change lives. I organized a few local Python meetups and one Python Brasil (the Brazilian PyCon).