Djuix.io Docs

Djuix.io

Authentication in Djuix.io

Overview

Authentication is essential for securing your API endpoints, and Djuix provides a robust system to manage user authentication through JSON Web Tokens (JWT). The authentication system is designed to be both powerful and user-friendly, allowing you to set up secure endpoints with minimal configuration.This documentation outlines how to set up and use the Auth plugin in Djuix to protect your API.

Setting Up Authentication

1. Access the Auth Plugin

• Navigate to the Sidebar in Djuix.
• Click on Plugins and select Auth.

2. Define Username Field

• Choose the username field for user registration. You can select either:
  • Username: A custom username chosen by the user.
  • Email: The user's email address.

3. Configure Token Expiration

• Access Token Expiration: Specify the duration (in minutes) before the access token expires. For example, set to 30 for a 30-minute expiration.
• Refresh Token Duration: Specify how many days the refresh token will be valid. For example, set to 7 for a 7-day validity.

4. Define Required Fields

• Specify the fields that users must fill out during registration. These fields will be validated against the input data.

5. Create Auth

• Once you have defined the necessary fields and configurations, Djuix will handle the flow to create the authentication setup.

1021(1).mp4

Djuix Auth Setup

The Auth Manager

After defining the fields, the Auth Manager will manage user creation using Django’s built-in BaseUserManager. This includes:

• Creating a standard user.

• Creating a superuser with elevated privileges.

  

Model Integration

• Utilize Django's AbstractBaseUser and PermissionsMixin to define your custom user model.

• Implement the CustomAuthManager for managing user authentication and permissions.

  

JWT Usage

The inclusion of JWTs is handled within the Djuix.io system. The tokens can be used to authenticate users by including them in the Authorization header as a Bearer token.

When a user successfully authenticates, they receive an access token and a refresh token.

• The access token should be included in the Authorization header of subsequent requests:

Authorization: Bearer <access_token>

• The refresh token can be used to obtain a new access token when the current one expires.

Note: Depending on your project's requirements, Djuix can automatically create an Auth profile when you set up a project using the AI project creation.

Djuix's authentication system provides a secure, flexible, and easy-to-implement solution for protecting your API endpoints. By leveraging JWT and providing an intuitive configuration interface, Djuix ensures that you can focus on building your API's core functionality while maintaining robust security practices.

Remember to regularly review and update your authentication settings, especially token expiry times, to maintain the security of your application.