Provides various authentication policies.

Module Contents


Return request’s ‘Authorization:’ header, as a bytestring.

Hide some test client ickyness where the header can be unicode.

class CSRFCheck


_reject(self, request, reason)
class BaseAuthentication


All authentication classes should extend BaseAuthentication.

authenticate(self, request)

Authenticate the request and return a two-tuple of (user, token).

authenticate_header(self, request)

Return a string to be used as the value of the WWW-Authenticate header in a 401 Unauthenticated response, or None if the authentication scheme should return 403 Permission Denied responses.

class BasicAuthentication


HTTP Basic authentication against username/password.

www_authenticate_realm = api
authenticate(self, request)

Returns a User if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns None.

authenticate_credentials(self, userid, password, request=None)

Authenticate the userid and password against username and password with optional request for context.

authenticate_header(self, request)
class SessionAuthentication


Use Django’s session framework for authentication.

authenticate(self, request)

Returns a User if the request session currently has a logged in user. Otherwise returns None.

enforce_csrf(self, request)

Enforce CSRF validation for session based authentication.

class TokenAuthentication


Simple token based authentication.

Clients should authenticate by passing the token key in the “Authorization” HTTP header, prepended with the string “Token “. For example:

Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a
keyword = Token
authenticate(self, request)
authenticate_credentials(self, key)
authenticate_header(self, request)
class RemoteUserAuthentication


REMOTE_USER authentication.

To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have ‘django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting

header = REMOTE_USER
authenticate(self, request)