Docs

Django

View on Github

Django

Gravatar for luciano.balmaceda@auth0.com
By Luciano Balmaceda

This tutorial demonstrates how to add user login to a Django application using Auth0. We recommend you to Log in to follow this quickstart with examples configured for your account.

I want to explore a sample app

2 minutes

Get a sample configured with your account settings or check it out on Github.

View on Github
System requirements: python 3.5 and up | django 2.1 and up | social-auth-app-django 3.1 and up | python-jose 3.0 and up | python-dotenv 0.9 and up

New to Auth? Learn How Auth0 works, how it integrates with Regular Web Applications and which protocol it uses.

Prerequisites

Configure Auth0

Steps

Get Your Application Keys

When you signed up for Auth0, a new application was created for you, or you could have created a new one.

You will need some details about that application to communicate with Auth0. You can get these details from the Application Settings section in the Auth0 dashboard.

You need the following information:

  • Domain
  • Client ID
  • Client Secret

If you download the sample from the top of this page these details are filled out for you.

If you have more than one application in your account, the sample comes with the values for your Default App.

App Dashboard

Authorize the User

Configure Callback URLs

A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated.

The callback URL for your app must be whitelisted in the Allowed Callback URLs field in your Application Settings. If this field is not set, users will be unable to log in to the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, the callback URL you need to whitelist in the Allowed Callback URLs field is http://localhost:3000/complete/auth0.

Example authorization URL

Configure Logout URLs

A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the returnTo query parameter.

The logout URL for your app must be whitelisted in the Allowed Logout URLs field in your Application Settings. If this field is not set, users will be unable to log out from the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, the logout URL you need to whitelist in the Allowed Logout URLs field is http://localhost:3000.

Parameters

Create a Django Application configured to use Auth0

This guide will use social_django which is the Django implementation of Python Social Auth. It adds an OAuth stack to the user authentication & authorization system bundled by the Django Web Framework.

This quickstart uses Django 2, if you are using Django 1 instead, follow the sample.

Response

Install the Dependencies

Add the following dependencies to your requirements.txt:

Once the dependencies are listed in requirements.txt, run the following command:

Request Tokens

Create a Django Project

This guide assumes you already have a Django application set up. If that is not the case, follow the steps in the Django Tutorial.

The sample project was created with the following commands:

Example POST to token URL

Django Settings

The settings.py file contains the configuration of your Django project.

Add one entry for social_django and for your application into the INSTALLED_APPS entry.

  1. Set the Callback URL in the Application Settings to: Add your Auth0 domain, the Client Id and the Client Secret. You can get this information the application settings in the Auth0 Dashboard.

Set the SOCIAL_AUTH_AUTH0_SCOPE variable with the scopes the application will request when authenticating. Check the Scopes documentation for more information.

Parameters

Initialize the Database

The social_django application defined in INSTALLED_APPS requires a database. Run the following command to create all the required databases for the applications defined in INSTALLED_APPS:

Response

Create the Auth0 Authentication Backend

The social_django application is now configured. The next step is to create an authentication backend that bridges social_django with Auth0.

Create a file to implement the custom Auth0 authentication backend.

The callback URL will be calculated by social-auth by concatenating /callback with the backend name property, so it will be /callback/auth0.

Register the authentication backends in settings.py. Add the custom backend for Auth0 and ModelBackend for users to be able to login with username/password method.

Configure the login, redirect login and redirect logout URLs as set below. The LOGIN_URL ends with auth0 as it needs to match the name property of the custom backend defined above.

Call your API

Trigger Authentication

Add a handler for the "index" view in your views.py to render the index.html if the user needs to log in. If the user is already logged in, the "dashboard" view will be shown instead.

Add a link to /login/auth0 in the index.html template.

Refresh Tokens

Display User Information

After the user is logged in, you can access the user information from the request.user property. Add a handler for the /dashboard endpoint in the views.py file. This same "dashboard" view will be displayed when a user that is already logged in tries to visit the "index" view.

Add the following snippet to dashboard.html to display the user information.

Example POST to token URL

Logout

To log a user out, add a link to /logout in dashboard.html.

Then, add a logout method in views.py to clear the session and redirect the user to the Auth0 logout endpoint.

Parameters

Add URL Mappings

In previous steps we added methods to the views.py file. We need to map those methods to URLs.

Django has a URL dispatcher that lets you map URL patterns to views.

Add mappings for the root folder, the dashboard folder, and the authentication applications in urls.py.

Response

Run the Sample

To run the sample from a terminal, change the directory to the root folder of the project and execute the following line:

The application will be accessible on http://localhost:3000. Follow the Log In link to log in or sign up to your Auth0 tenant. Upon successful login or signup, you should be redirected to the user's profile page.

login page

Use Auth0 for FREE