Jump to >

This documentation covers the in-development release of Djblets. You can see the latest stable docs or all previous versions.


Authentication support for using API tokens.

This provides two classes needed for integrating API token support.

TokenAuthBackendMixin must be subclassed or mixed into an authentication backend and registered in AUTHENTICATION_BACKENDS.

WebAPITokenAuthBackend must then be added to the API authentication list at settings.WEB_API_AUTH_BACKENDS.

class TokenAuthBackendMixin[source]

Mixin for a standard auth backend for API token authentication.

This will handle authenticating users and their API tokens for API requests. It’s only used for API requests that specify a username and a token.

This class is meant to be subclassed and mixed in to another auth backend. Subclasses must define api_token_model.

api_token_model = None[source]

The API token model to use for any token lookups.

authenticate(request, token=None, **kwargs)[source]

Authenticate a user, given a token ID.

  • request (django.http.HttpRequest) – The request object.

  • token (unicode, optional) – The API token ID to authenticate with.

  • **kwargs (dict) – Keyword arguments for future expansion.


The resulting user, if a token matched, or None otherwise.

Return type


class WebAPITokenAuthBackend[source]

Authenticates users using their generated API token.

This will check the HTTP_AUTHORIZATION header for a token <token> value. If found, it will attempt to find the user that owns the token, and authenticate that user.


Return credentials for the token.

If the request is attempting to authenticate with a token, this will return a dictionary containing the token in a token key.


request (HttpRequest) – The HTTP request from the client.


A dictionary containing the token in a token key, if the client requested a token for authentication.

Return type


login_with_credentials(request, **credentials)[source]

Log the user in with the given credentials.

This performs the standard authentication operations, and then stores some session state for any restrictions specified by the token.

  • request (HttpRequest) – The HTTP request from the client.

  • credentials (dict) – The credentials data from the request.


See the return type in WebAPIAuthBackend.authenticate().

Return type

tuple or None