Authentication

Core authentication classes and utilities for DRF Auth Kit.

Authentication Classes

class auth_kit.authentication.AuthKitCookieAuthentication(*args, **kwargs)

Bases: JWTAuthentication

Base authentication class that supports both header and cookie-based authentication.

An authentication plugin that authenticates requests through tokens provided in request cookies or headers, with preference given to headers.

authenticate_credentials(key: str) → tuple[Any, Any] | None

Authenticate using token credentials.

Parameters:: key – The token key to authenticate
Returns:: Tuple of (user, token) if authentication succeeds, None otherwise

authenticate_with_cookie(request: Request, cookie_name: str | None) → tuple[Any, Any] | None

Authenticate using header or cookie-based token with header taking priority.

Parameters:

request – The HTTP request object
cookie_name – Name of the cookie containing the authentication token

Returns:

Tuple of (user, token) if authentication succeeds, None otherwise

custom_authenticate(token: str) → tuple[Any, Any] | None

Custom authentication method for non-standard auth types.

Parameters:: token – The token to authenticate
Returns:: Tuple of (user, token) if authentication succeeds, None otherwise

class auth_kit.authentication.JWTCookieAuthentication(*args, **kwargs)

Bases: AuthKitCookieAuthentication

Authentication class for JWT-based authentication with cookie support.

authenticate(request: Request) → tuple[Any, Any] | None

Authenticate the request using JWT from cookie or header.

Parameters:: request – The HTTP request object
Returns:: Tuple of (user, token) if authentication succeeds, None otherwise

class auth_kit.authentication.TokenCookieAuthentication(*args, **kwargs)

Bases: TokenAuthentication, AuthKitCookieAuthentication

Authentication class for DRF token-based authentication with cookie support.

authenticate(request: Request) → tuple[Any, Any] | None

Authenticate the request using DRF token from cookie or header.

Parameters:: request – The HTTP request object
Returns:: Tuple of (user, token) if authentication succeeds, None otherwise

keyword = 'Bearer'

class auth_kit.authentication.JWTCookieAuthenticationScheme(target)

Bases: SimpleJWTScheme

OpenAPI schema for JWT cookie authentication.

get_security_definition(auto_schema: Any) → list[dict[str, Any]]

Get security definition for OpenAPI schema.

Parameters:: auto_schema – The auto schema generator instance
Returns:: List of security definitions for the schema

name: str | List[str] = ['JWTAuthentication', 'JWTCookieAuthentication']

optional = True

target_class: None | str | Type[object] = 'auth_kit.authentication.JWTCookieAuthentication'

class auth_kit.authentication.TokenCookieAuthenticationScheme(target)

Bases: SimpleJWTScheme

OpenAPI schema for token cookie authentication.

get_security_definition(auto_schema: Any) → list[dict[str, Any]]

Get security definition for OpenAPI schema.

Parameters:: auto_schema – The auto schema generator instance
Returns:: List of security definitions for the schema

name: str | List[str] = ['TokenAuthentication', 'TokenCookieAuthentication']

optional = True

target_class: None | str | Type[object] = 'auth_kit.authentication.TokenCookieAuthentication'

JWT Utilities

auth_kit.jwt_auth.set_auth_kit_cookie(response: Response, cookie_name: str, cookie_value: str, cookie_path: str, cookie_exp_time: datetime | str | None) → None

Set an authentication cookie in the HTTP response.

Parameters:

response – The HTTP response object
cookie_name – Name of the cookie to set
cookie_value – Value to store in the cookie
cookie_path – Path for which the cookie is valid
cookie_exp_time – Expiration time for the cookie

auth_kit.jwt_auth.unset_jwt_cookies(response: Response) → None

Remove JWT authentication cookies from the HTTP response.

Parameters:: response – The HTTP response object

auth_kit.jwt_auth.unset_token_cookie(response: Response) → None

Remove token authentication cookie from the HTTP response.

Parameters:: response – The HTTP response object

auth_kit.jwt_auth.jwt_encode(user: AbstractBaseUser) → tuple[AccessToken, RefreshToken]

Generate JWT access and refresh tokens for a user.

Parameters:: user – The user to generate tokens for
Returns:: Tuple containing (access_token, refresh_token)

Forms

class auth_kit.forms.AllAuthPasswordResetForm(data=None, files=None, auto_id='id_%s', prefix=None, initial=None, error_class=<class 'django.forms.utils.ErrorList'>, label_suffix=None, empty_permitted=False, field_order=None, use_required_attribute=None, renderer=None, bound_field_class=None)

Bases: ResetPasswordForm

Custom password reset form integrated with django-allauth.

Extends the default allauth password reset form to support custom URL generation and Auth Kit settings.

Form fields:

email: Email (EmailField)

clean_email() → str: Validate email for password reset, preventing user enumeration if configured.

property media: Return all media required to render the widgets on this form.

save(request: HttpRequest, **kwargs: Any) → str

Save the password reset form and send reset email.

Parameters:

request – The HTTP request object
**kwargs – Additional keyword arguments including token_generator

Returns:

Email address that the reset email was sent to

auth_kit.forms.password_reset_url_generator(request: HttpRequest, user: AbstractBaseUser, temp_key: str) → str

Generate password reset URL with token and user ID.

Parameters:

request – The HTTP request object
user – The user requesting password reset
temp_key – Temporary token for password reset

Returns:

Complete password reset URL with query parameters