django allauth
User Registration
Next up is our user registration, or sign up, endpoint. Traditional Django does not ship with built-in views or URLs for user registration and neither does Django REST Framework. Which means we need to write our own code from scratch; a somewhat risky approach given the seriousness– and security implications–of getting this wrong.
A popular approach is to use the third-party package django-allauth which comes with user registration as well as a number of additional features to the Django auth system such as social authentication via Facebook, Google, Twitter, etc.
If we add dj_rest_auth.registration from the dj-rest-auth package then we have user registration endpoints too!
Step 1: Install django-allauth
Then update our INSTALLED_APPS setting. We must add several new configs:
django.contrib.sitesallauthallauth.accountallauth.socialaccountdj_rest_auth.registration
INSTALLED_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
"django.contrib.sites", # new
# 3rd-party apps
"rest_framework",
"corsheaders",
"rest_framework.authtoken",
"allauth", # new
"allauth.account", # new
"allauth.socialaccount", # new
"dj_rest_auth",
"dj_rest_auth.registration", # new
# Local
"accounts.apps.AccountsConfig",
"posts.apps.PostsConfig",
]
django-allauth needs to be added to the TEMPLATES configuration after existing context processors as well as setting the EMAIL_BACKEND to console and adding a SITE_ID of 1.
TEMPLATES = [
{
"BACKEND": "django.template.backends.django.DjangoTemplates",
"DIRS": [],
"APP_DIRS": True,
"OPTIONS": {
"context_processors": [
"django.template.context_processors.debug",
"django.template.context_processors.request",
"django.contrib.auth.context_processors.auth",
"django.contrib.messages.context_processors.messages",
"django.template.context_processors.request", # new
],
},
},
]
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend" # new
SITE_ID = 1 # new
The email back-end config is needed since by default an email will be sent when a new user is registered, asking them to confirm their account. Rather than also set up an email server, we will output the emails to the console with the console.EmailBackend setting.
SITE_ID is part of the built-in Django “sites” framework97 , which is a way to host multiple websites from the same Django project. We only have one site we are working on here but django-allauth uses the sites framework, so we must specify a default setting.
Ok. We’ve added new apps so it’s time to update the database.
Then add a new URL route for registration.
# django_project/urls.py
from django.contrib import admin
from django.urls import path, include
urlpatterns = [
path("admin/", admin.site.urls),
path("api/v1/", include("posts.urls")),
path("api-auth/", include("rest_framework.urls")),
path("api/v1/dj-rest-auth/", include("dj_rest_auth.urls")),
path("api/v1/dj-rest-auth/registration/", include("dj_rest_auth.registration.urls")), # new
]
And we’re done. We can run the local server.
There is now a user registration endpoint at:
Conclusion
As a result, a popular, powerful, and secure approach is to rely on the third-party packages dj-rest-auth and django-allauth to minimize the amount of code we have to write from scratch.