Backend Authentication
Overview
Authentication system using django-allauth, djoser, and SimpleJWT.
HyperSaaS uses a layered authentication system combining three libraries:
| Library | Purpose |
|---|---|
| django-allauth | Social login, account management, MFA |
| djoser | REST API endpoints for registration, activation, password reset |
| djangorestframework-simplejwt | JWT access/refresh tokens |
Authentication Methods
The REST API supports three authentication methods. DRF tries the classes below in order and uses the first one that authenticates the request; with `IsAuthenticated` as the default permission, a request that none of them authenticates is rejected:

```python
REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework.authentication.SessionAuthentication",
        "rest_framework.authentication.TokenAuthentication",
        "rest_framework_simplejwt.authentication.JWTAuthentication",
    ),
    "DEFAULT_PERMISSION_CLASSES": (
        "rest_framework.permissions.IsAuthenticated",
    ),
}
```

- Session Authentication — Cookie-based, for browser and admin panel
- Token Authentication — DRF token in `Authorization: Token <key>` header
- JWT Authentication — Bearer token in `Authorization: JWT <access_token>` header
Custom User Model
HyperSaaS uses email as the primary identifier instead of username:
```python
from django.contrib.auth.models import AbstractUser
from django.db import models


class User(AbstractUser):
    name = models.CharField(max_length=255, blank=True)
    email = models.EmailField(unique=True)
    clerk_user_id = models.CharField(max_length=60, unique=True, null=True, blank=True)

    USERNAME_FIELD = "email"
    # AbstractUser lists "email" in REQUIRED_FIELDS; Django's system check (auth.E002)
    # rejects a USERNAME_FIELD that also appears there, so the list is cleared.
    REQUIRED_FIELDS = []
```

Authentication Backends
```python
AUTHENTICATION_BACKENDS = [
    "django.contrib.auth.backends.ModelBackend",
    "allauth.account.auth_backends.AuthenticationBackend",
]
```

Allauth Settings
```python
ACCOUNT_AUTHENTICATION_METHOD = "email"
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_EMAIL_VERIFICATION = "mandatory"
```

Password Hashing
HyperSaaS uses Argon2 as the primary password hasher:
```python
PASSWORD_HASHERS = [
    "django.contrib.auth.hashers.Argon2PasswordHasher",
    "django.contrib.auth.hashers.PBKDF2PasswordHasher",
    "django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
    "django.contrib.auth.hashers.BCryptSHA256PasswordHasher",
]
```