Installation
1. Install the package
pip install robustauth
For device and browser detection (OS, browser family, device type):
pip install robustauth[device]
2. Add to INSTALLED_APPS
# settings.py
INSTALLED_APPS = [
...
"rest_framework",
"robustauth",
]
3. Configure DRF authentication
# settings.py
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": [
"robustauth.authentication.RobustTokenAuthentication",
],
"DEFAULT_PERMISSION_CLASSES": [
"rest_framework.permissions.IsAuthenticated",
],
}
4. Add middleware (optional but recommended)
Attaches request.robust_session to every authenticated request:
MIDDLEWARE = [
...
"robustauth.middleware.RobustAuthMiddleware",
]
5. Mount URL patterns
# urls.py
from django.urls import path, include
urlpatterns = [
path("auth/", include("robustauth.urls")),
...
]
6. Run migrations
python manage.py migrate
7. Add your configuration (optional)
See Configuration for all available settings. A minimal secure setup:
ROBUST_AUTH = {
"SESSION_POLICY": "multi",
"ROTATE_REFRESH_TOKENS": True,
"REVOKE_ON_PASSWORD_CHANGE": True,
"TRACK_IPS": True,
}
Verifying installation
Start your server and hit the login endpoint:
python manage.py runserver
curl -X POST http://localhost:8000/auth/login/ \
-H "Content-Type: application/json" \
-d '{"username": "admin", "password": "yourpassword"}'
You should receive an access_token, refresh_token, and session_id.
Periodic cleanup
Add the cleanup command to your cron or Celery beat to remove expired tokens and prune old history:
# Run daily
python manage.py robustauth_cleanup