Python ยท Django
PyPI versionCI status

Authentication for Django

A middleware that resolves the session, a require_auth decorator, and a logout handler for Django โ€” integrated with the request and view lifecycle. Validate Authdog sessions on every request, on the same wire as the Node SDKs.

Middleware and decorators

Everything Django apps need

A drop-in middleware that resolves the session, a require_auth decorator, and a typed context on request.authdog_context โ€” idiomatic Django, wire-compatible with the rest of your Authdog stack.

One middleware, resolved once

Add authdog.middleware to MIDDLEWARE and every request gets a resolved AuthdogContext on request.authdog_context. It never raises โ€” anonymous requests simply resolve to an unauthenticated context.

require_auth decorator

Wrap a view in @authdog.require_auth and Django returns JsonResponse({'error': 'Unauthorized'}, status=401) for unauthenticated requests. This is the security boundary.

Read the session anywhere

authdog.session(request) returns the typed context โ€” token, user, and is_authenticated โ€” from any view, resolved by the middleware and reused for the request.

At most one userinfo call

The resolved context is cached on the request, so the middleware, a require_auth view, and session() all share a single outbound userinfo call.

Safe logout handler

authdog.logout(request) returns an HttpResponseRedirect that clears the session cookie and redirects to a redirect_uri sanitized against open redirects.

Same wire as Node

It mirrors @authdog/express and @authdog/fastify on the wire, so one Authdog environment serves your Node and Django services interchangeably.

Gate views with a decorator

Protect a view with require_auth

Decorate a view with @authdog.require_auth and Django rejects unauthenticated requests with a 401 before your view runs. Read the verified user from authdog.session(request), resolved once per request.

views.py
# views.py
@authdog.require_auth
def me(request):
return JsonResponse(authdog.session(request).user)

Ship secure Django apps

Authdog's Django binding resolves the session in one middleware and enforces auth at a single decorator, caching the result on the request so each request makes at most one userinfo call.

1 line

In MIDDLEWARE

Register authdog.middleware and every request carries a resolved context โ€” no per-view wiring.

require_auth

The single enforcement point

Decorate a view with @authdog.require_auth and unauthenticated requests get a 401 before your view runs.

lazy import

Django touched only when used

import authdog.django works without Django configured; the framework is only imported when a binding is actually called.

Add auth to your Django app.

pip install 'authdog-fastapi[django]', register the middleware, and gate your views with require_auth today. Free to start, with secure defaults built in.