Django’s authentication system is great out of the box, and very useful when we want to manage users logging into our web apps. But, since it’s all set up for us automatically when we create our new Django project, sometimes it can be a little mysterious.
I’ll clear up some of its mysteries by going over each aspect of authentication in Django and give tips on how to better utilize it for web applications. The authentication package has three main aspects: Users, Groups, and Permissions, along with some authentication middleware to tie it all together.
First I’ll cover Django’s User model, which is the core of the authentication package. I’ll explain how it interacts with the web app, and I’ll even give a few tips on how it can be customized.
Then I’ll talk about Groups, and how they interact with the User model. I’ll give some tips on how to manage users in web apps based on groups to get the most out of them.
Then I’ll cover permissions, which relate to how users can interact with the web app. I’ll go over some examples for how to use the default permissions, how to set up custom permissions, and how this is particularly used in the Django admin panel.
Finally, I’ll talk about Django’s authentication middleware, and how users are authenticated throughout the app. I’ll cover examples for how users get sent through requests, and how to handle logic surrounding authentication in Django’s views and templates.