Django comes with a user authentication system. It handles user accounts, groups, permissions and cookie-based user sessions. This section of the documentation explains how the default implementation works out of the box, as well as how to extend and customize it to suit your project’s needs.
The Django authentication system handles both authentication and authorization. Briefly, authentication verifies a user is who they claim to be, and authorization determines what an authenticated user is allowed to do. Here the term authentication is used to refer to both tasks.
The auth system consists of:
The authentication system in Django aims to be very generic and doesn’t provide some features commonly found in web authentication systems. Solutions for some of these common problems have been implemented in third-party packages:
Authentication support is bundled as a Django contrib module in
django.contrib.auth. By default, the required configuration is already
included in the
settings.py generated by
startproject, these consist of two items listed in your
'django.contrib.auth'contains the core of the authentication framework, and its default models.
'django.contrib.contenttypes'is the Django content type system, which allows permissions to be associated with models you create.
and these items in your
SessionMiddlewaremanages sessions across requests.
AuthenticationMiddlewareassociates users with requests using sessions.
With these settings in place, running the command
manage.py migrate creates
the necessary database tables for auth related models and permissions for any
models defined in your installed apps.