This project implements a secure authentication system with Django as the backend and React as the frontend. The backend uses Django REST Framework (DRF) and SimpleJWT for token-based authentication; the JWT access and refresh tokens are stored in HTTP-only cookies so that script running in the browser (including injected script) cannot read them.
- User Registration: Users can register with a username, email, and password.
- Login: Secure login with JWT access and refresh tokens.
- Logout: The token cookies are cleared. Note that clearing cookies only removes the tokens from the browser; a signed JWT stays valid until its `exp` claim passes unless the server also blacklists the refresh token (SimpleJWT's `token_blacklist` app).
- Token Refresh: Access tokens can be refreshed using the refresh token stored in cookies.
- Authenticated Endpoints: Users can fetch their private data (e.g., notes) after logging in.
- Custom Authentication: A custom DRF authentication class reads the JWT from the cookie and validates it, instead of expecting an `Authorization: Bearer` header.
- Admin Panel: `/admin/`
- API Base: `/api/`
- Login: `POST /api/token/` to obtain access and refresh tokens.
- Refresh Token: `POST /api/token/refresh/` to refresh the access token using the refresh token.
- Logout: `POST /api/logout/` to log out by clearing the cookies.
- Register: `POST /api/register/` to create a new user account.
- Check Authentication: `POST /api/authenticated/` to verify whether the user is authenticated.
- Fetch Notes: `GET /api/notes/` to retrieve all notes for the logged-in user.
- Models: Defines the `Note` model with a foreign key to the `User` model.
- Serializers: Includes serializers for user registration, notes, and authentication.
- Views: Implements views for handling authentication, registration, and fetching user-specific data.
- URLs: Organizes routes for the API and application.
- Login:
  - Users log in with their username and password.
  - Access and refresh tokens are returned in HTTP-only cookies.
- Token Validation:
  - The custom authentication class reads the access token from the cookie and validates it on every request.
- Token Refresh:
  - The access token is renewed via the refresh token stored in its cookie.
- Logout:
  - The cookies are cleared to log the user out.
- Python 3.8+
- Django 4.0+
- Django REST Framework
- Django REST Framework SimpleJWT
- Clone the Repository:
  ```bash
  git clone https://github.com/ScotuzziJr/Authentication-System
  cd Authentication-System
  ```
- Install Dependencies:
  ```bash
  pip install -r requirements.txt
  ```
- Run Migrations:
  ```bash
  python manage.py migrate
  ```
- Start the Development Server:
  ```bash
  python manage.py runserver
  ```
- Access the Admin Panel:
  - Create a superuser:
    ```bash
    python manage.py createsuperuser
    ```
  - Visit `/admin/` and log in with the superuser credentials.
- Tokens are stored in HTTP-only cookies so they cannot be read by JavaScript.
- Cookies are marked `Secure` and `SameSite=None` so the browser sends them on cross-site requests over HTTPS (the React frontend runs on a different origin). Because a `SameSite=None` cookie is also attached to requests that third-party sites trigger, every state-changing endpoint still needs CSRF protection (for example Django's CSRF token sent back in a request header); when frontend and backend share a site, `SameSite=Lax` or `Strict` is the safer setting.
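The authentication flow listed above and the cookie-flag notes, as an added example that is not code from this project: a dependency-free Python model of issuing JWTs into cookies, validating them from the cookie on each request, rotating the refresh token, and logging out. The HS256 signing key, cookie names, token lifetimes, the `X-CSRFToken` header and the `REVOKED_JTI` denylist are assumptions made for the example; the project itself delegates token handling to SimpleJWT.

```python
# Added example, not code from the Authentication-System project: a dependency-free
# model of the login / validate / refresh / logout flow and of the cookie flags.
# The signing key, cookie names, lifetimes and the X-CSRFToken header are assumptions.
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets

SECRET_KEY = b"replace-with-settings.SECRET_KEY"  # assumed HS256 signing key
ACCESS_TTL, REFRESH_TTL = 300, 7 * 86400           # assumed lifetimes, in seconds
COOKIE_FLAGS = "Secure; SameSite=None; Path=/"     # the flags the README describes
REVOKED_JTI = set()  # server-side denylist; without one, "logout" revokes nothing


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(user_id: int, kind: str, ttl: int, now: int) -> str:
    """Mint an HS256 JWT whose "type" claim is "access" or "refresh"."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": str(user_id), "type": kind, "iat": now, "exp": now + ttl,
              "jti": secrets.token_hex(8)}
    payload = _b64(json.dumps(claims).encode())
    sig = hmac.new(SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify(token: str, kind: str, now: int) -> dict:
    """Check signature, pinned alg, token type, expiry and revocation; ValueError on failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    expected = hmac.new(SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token choose the algorithm
    claims = json.loads(_unb64(payload))
    if claims.get("type") != kind:
        raise ValueError("wrong token type")  # a refresh token must not pass as access
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("jti") in REVOKED_JTI:
        raise ValueError("revoked")
    return claims


def set_cookie(name: str, value: str, max_age: int, http_only: bool = True) -> str:
    """Set-Cookie header value; Max-Age=0 makes the browser delete the cookie."""
    flags = ("HttpOnly; " if http_only else "") + COOKIE_FLAGS
    return f"{name}={value}; Max-Age={max_age}; {flags}"


def login(user_id: int, now: int) -> dict:
    """POST /api/token/: token cookies are HttpOnly; the CSRF cookie is readable on purpose."""
    return {
        "access_token": issue(user_id, "access", ACCESS_TTL, now),
        "refresh_token": issue(user_id, "refresh", REFRESH_TTL, now),
        "csrftoken": secrets.token_hex(16),  # React reads this and echoes it in a header
    }


def authenticate(cookies: dict, headers: dict, now: int) -> dict:
    """What a cookie-reading DRF authentication class has to do on every request."""
    # With SameSite=None the browser attaches these cookies to cross-site requests too,
    # so the cookie alone does not prove the request came from our frontend. Require a
    # header only same-origin script could have produced (double-submit CSRF check).
    sent = headers.get("X-CSRFToken", "")
    if not sent or not hmac.compare_digest(sent, cookies.get("csrftoken", "")):
        raise PermissionError("CSRF check failed")
    if "access_token" not in cookies:
        raise PermissionError("not authenticated")
    return verify(cookies["access_token"], "access", now)


def refresh(cookies: dict, now: int) -> dict:
    """POST /api/token/refresh/: rotate the refresh token and revoke the one just used."""
    claims = verify(cookies["refresh_token"], "refresh", now)
    REVOKED_JTI.add(claims["jti"])
    uid = int(claims["sub"])
    return {"access_token": issue(uid, "access", ACCESS_TTL, now),
            "refresh_token": issue(uid, "refresh", REFRESH_TTL, now)}


def logout(cookies: dict, now: int) -> list:
    """POST /api/logout/: revoke the refresh token server-side, then expire the cookies."""
    try:
        REVOKED_JTI.add(verify(cookies["refresh_token"], "refresh", now)["jti"])
    except (KeyError, ValueError):
        pass  # nothing valid to revoke, but still clear the cookies
    return [set_cookie("access_token", "", 0), set_cookie("refresh_token", "", 0),
            set_cookie("csrftoken", "", 0, http_only=False)]
```

The two checks the cookie-based design forces are visible in `authenticate` and `logout`: because the cookies ride along on cross-site requests, a request is only trusted when it also carries the CSRF token that same-origin script read from the non-HttpOnly `csrftoken` cookie, and because deleting a cookie does nothing to the token itself, logout records the refresh token's `jti` so a copied token cannot be replayed.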
This project is licensed under the MIT License.