RobustAuth Documentation

Modern session-based opaque token authentication for Django REST Framework.

RobustAuth replaces JWT complexity with secure, database-backed opaque tokens — giving you instant revocation, full session intelligence, and production-grade security controls out of the box.


Why RobustAuth?

Most Django auth packages make you choose between simplicity and power. DRF’s built-in TokenAuthentication is simple but has no revocation, no sessions, no history. SimpleJWT adds refresh tokens but locks you into JWT — which can’t be instantly revoked.

RobustAuth gives you the best of both worlds: the simplicity of opaque tokens with the full session intelligence of a modern auth system.


Documentation


Quick Example

# settings.py
INSTALLED_APPS = [
    ...
    "rest_framework",
    "robustauth",
]

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "robustauth.authentication.RobustTokenAuthentication",
    ],
}

ROBUST_AUTH = {
    "SESSION_POLICY": "single",   # one active session per user
    "ROTATE_REFRESH_TOKENS": True,
    "TRACK_IPS": True,
}
# Login
curl -X POST http://localhost:8000/auth/login/ \
  -H "Content-Type: application/json" \
  -d '{"username": "alice", "password": "secret"}'

# Response
{
  "access_token": "a3f9...",
  "refresh_token": "b7c2...",
  "session_id": "550e8400-...",
  "token_type": "Bearer"
}

Requirements

  • Python 3.10+

  • Django 4.2+

  • Django REST Framework 3.14+

  • user-agents (optional, for device/browser detection)