Django SDK

get401-django integrates Get401 authentication into Django via middleware, view decorators, class-based view mixins, and optional Django REST Framework support.

GitHub: get401/python-django

Installation

pip install get401-django
 
# With Django REST Framework support
pip install "get401-django[drf]"

Setup

1. Add settings

# settings.py
GET401_APP_ID = "your-app-id"
GET401_ORIGIN = "https://yourapp.com"
# GET401_HOST = "https://app.get401.com"  # optional

2. Add the middleware

# settings.py
MIDDLEWARE = [
    ...
    "get401_django.middleware.Get401Middleware",
]

The middleware populates request.get401_claims with a TokenClaims instance on every request with a valid aact cookie, or None otherwise.
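Because the middleware sets request.get401_claims to None instead of rejecting the request, a view that carries none of the decorators, mixins or permission classes documented below is reachable without a token. The following deny-by-default layer is an added example, not part of get401-django. The names PUBLIC_PATHS, PUBLIC_PREFIXES, is_public, must_deny and RequireGet401ByDefault and the sample paths are hypothetical; it relies only on the request.get401_claims attribute described above.

```python
# Added example, not part of get401-django. PUBLIC_PATHS, PUBLIC_PREFIXES,
# is_public, must_deny and RequireGet401ByDefault are hypothetical names.

PUBLIC_PATHS = frozenset({"/", "/healthz"})  # exact matches (constructed values)
PUBLIC_PREFIXES = ("/static/",)              # each prefix must end with "/"


def is_public(path):
    """Return True only for explicitly allowlisted paths."""
    # Never exempt a path containing ".." segments or empty segments ("//"),
    # so "/static/../admin/" cannot ride on a public prefix.
    if ".." in path.split("/") or "//" in path:
        return False
    return path in PUBLIC_PATHS or path.startswith(PUBLIC_PREFIXES)


def must_deny(request):
    """Deny when no verified claims are attached and the path is not public."""
    # getattr fails closed: if Get401Middleware is missing or listed after
    # this middleware, the attribute is absent and the request is rejected.
    claims = getattr(request, "get401_claims", None)
    return claims is None and not is_public(request.path)


class RequireGet401ByDefault:
    """Add to MIDDLEWARE after get401_django.middleware.Get401Middleware."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if must_deny(request):
            # Imported here so the helpers above can be unit-tested without Django.
            from django.http import JsonResponse
            return JsonResponse({"detail": "authentication required"}, status=401)
        return self.get_response(request)
```

Role and scope checks still belong on the individual views; this layer only guarantees that a view added without a decorator is not public by accident.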

Function-Based Views

from django.http import JsonResponse
from get401_django.decorators import require_auth, require_roles, require_scope
 
@require_auth
def profile(request):
    return JsonResponse({"user_id": request.get401_claims.sub})
 
# At least one role
@require_roles("ADMIN")
def admin_panel(request):
    ...
 
# All roles required
@require_roles("ADMIN", "SUPERUSER", require_all=True)
def super_admin_panel(request):
    ...
 
@require_scope("reports:export")
def export_report(request):
    ...

Class-Based Views

from django.http import JsonResponse
from django.views import View
from get401_django.decorators import LoginRequired401Mixin, RoleRequired401Mixin
 
class ProfileView(LoginRequired401Mixin, View):
    def get(self, request):
        return JsonResponse({"user_id": request.get401_claims.sub})
 
class AdminView(RoleRequired401Mixin, View):
    required_roles = ["ADMIN"]
 
    def get(self, request):
        return JsonResponse({"message": "Welcome, admin"})
 
class SuperAdminView(RoleRequired401Mixin, View):
    required_roles = ["ADMIN", "SUPERUSER"]
    require_all_roles = True

Django REST Framework

# settings.py
REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "get401_django.permissions.Get401Authentication",
    ],
}

# views.py
from rest_framework.views import APIView
from rest_framework.response import Response
from get401_django.permissions import Get401Authentication, IsAuthenticated401, HasRole, HasScope
 
class ProfileView(APIView):
    authentication_classes = [Get401Authentication]
    permission_classes = [IsAuthenticated401]
 
    def get(self, request):
        return Response({"user_id": request.user.sub})
 
class AdminView(APIView):
    authentication_classes = [Get401Authentication]
    permission_classes = [HasRole("ADMIN")]
 
class ExportView(APIView):
    authentication_classes = [Get401Authentication]
    permission_classes = [HasScope("reports:export")]

Testing

Reset the singleton between tests when settings change:

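from django.test import TestCase
from get401_django._state import reset as reset_get401

class Get401SettingsTests(TestCase):  # hypothetical test class name
    def setUp(self):
        # Drop the cached singleton so changed settings are picked up
        reset_get401()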

HTTP Responses

Situation                  Status
Missing aact cookie        401
Expired token              401
Invalid / tampered token   401
Missing role or scope      403