Passwordless Auth for Django Rest Framework
I use Django a lot for my projects, specifically with Django Rest Framework. Not a big fan of passwords though, so I built a little package called drfpasswordless that works with Rest Framework’s Token Authentication scheme to create a user experience akin to Square Cash or Medium’s login / signup flow.
Basically:
1. A user enters a contact point like an email address or SMS number.
2. A token or link gets sent to the endpoint.
3. The user enters the token into the field (or clicks the link).
That’s all!
Contact-based authentication feels like the future: it’s faster, more secure, doesn’t require the user to remember anything, and if you’re lucky the incoming push notification has all the information a user needs to continue.
Here’s an example of what drfpasswordless does:
1. Give it an email address or mobile number
curl -X POST -d "email=aaron@example.com" localhost:8000/auth/email/
2. A token is sent to the user’s contact point.
...
<h1>Your login token is 128516</h1>
...
3. The user inputs it when challenged, and if valid gets an auth token (provided by Django Rest Framework’s Token Authentication scheme).
curl -X POST -d "token=128516" localhost:8000/callback/auth/
> HTTP/1.0 200 OK
> {"token":"76be2d9ecfaf5fa4226d722bzdd8a4fff207ed0e"}
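Steps 2 and 3 above, sketched server-side as an added example (this is not drfpasswordless's own code): a 6-digit callback token is issued from a CSPRNG and redeemed at most once, before it expires and within a guess limit. The class name, the 15-minute lifetime, the 5-guess limit and keying the token by contact point are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime, not a drfpasswordless default
MAX_ATTEMPTS = 5             # assumed guess limit per issued token


class CallbackTokenStore:
    """Hypothetical in-memory stand-in for the table a real service would use."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # contact point -> [token digest, expiry, guesses left]

    @staticmethod
    def _digest(token):
        # Fixed-length bytes, so compare_digest accepts any submitted string.
        return hashlib.sha256(token.encode()).digest()

    def issue(self, contact):
        """Step 2: create the 6-digit token that is sent to the contact point."""
        token = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, keeps leading zeros
        # Issuing again replaces any earlier token for this contact point.
        self._pending[contact] = [self._digest(token),
                                  self._clock() + TOKEN_TTL_SECONDS,
                                  MAX_ATTEMPTS]
        return token

    def redeem(self, contact, submitted):
        """Step 3: True only once, for the right token, in time and within limit."""
        entry = self._pending.get(contact)
        if entry is None:
            return False
        digest, expires_at, guesses_left = entry
        if self._clock() >= expires_at or guesses_left <= 0:
            del self._pending[contact]  # expired or guessed out: must re-issue
            return False
        entry[2] -= 1  # every attempt counts, right or wrong
        if not hmac.compare_digest(digest, self._digest(submitted)):
            return False
        del self._pending[contact]  # single use
        return True
```

With only 10^6 possible tokens, the guess limit and expiry are what keep the token from being found by enumeration.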
Features
- Supports both email and SMS (via Twilio).
- Customizable email templates and SMS messages.
- Automatically mark contact points as valid or invalidated when changed.
- Automatically register new contact points as new users.
You can check out or contribute to drfpasswordless on GitHub.