Code Reference

django-allauth

Django · Reference cheat sheet

django-allauth

Django · Reference cheat sheet


📋 Overview

django-allauth adds local and social authentication: registration, email verification, password reset, and providers (Google, GitHub, etc.). Prefer it over rolling your own auth UI. Works with Django 4.2+/5.x; configure via settings and include its URLs.

🔧 Core concepts

PieceRole
allauth / allauth.accountEmail/username accounts
allauth.socialaccountOAuth providers
ACCOUNT_* settingsVerification, login methods, adapters
TemplatesOverride under templates/account/
AdaptersCustomize redirects and signup behavior
Headless / APINewer allauth headless APIs for SPAs

Install: pip install django-allauth (add provider extras as needed).

💡 Examples

Settings sketch:

INSTALLED_APPS = [
    # Django contrib…
    "django.contrib.sites",
    "allauth",
    "allauth.account",
    "allauth.socialaccount",
    "allauth.socialaccount.providers.github",
]

SITE_ID = 1

AUTHENTICATION_BACKENDS = [
    "django.contrib.auth.backends.ModelBackend",
    "allauth.account.auth_backends.AuthenticationBackend",
]

MIDDLEWARE = [
    # …
    "allauth.account.middleware.AccountMiddleware",  # allauth 0.56+
]

LOGIN_REDIRECT_URL = "/"
ACCOUNT_LOGOUT_REDIRECT_URL = "/"
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = "mandatory"  # "optional" | "none"
ACCOUNT_AUTHENTICATION_METHOD = "email"  # or "username" / "username_email"

URLs:

from django.urls import include, path

urlpatterns = [
    path("accounts/", include("allauth.urls")),
]

Provider settings (GitHub):

SOCIALACCOUNT_PROVIDERS = {
    "github": {
        "APP": {
            "client_id": "…",
            "secret": "…",
            "key": "",
        },
        "SCOPE": ["user:email"],
    }
}

Prefer env vars / django-environ over hardcoding secrets.

⚠️ Pitfalls

  • Missing django.contrib.sites + SITE_ID breaks allauth.
  • Email backend must work in production for verification (EMAIL_HOST or console in dev).
  • Custom user models need correct ACCOUNT_USER_MODEL_* / adapter settings.
  • Provider callback URLs must match the OAuth app config exactly (https, path).

On this page