DRF Auth Kit: Complete Authentication Toolkit with Enhanced MFA (Alternative to django-trench) #233
Description
I want to acknowledge the important work that merixstudio and the django-trench contributors have done in bringing multi-factor authentication to Django REST Framework. Your package was one of the first to tackle comprehensive MFA in the Django ecosystem, and the handler-based architecture and security considerations have been valuable contributions to the community.
DRF Auth Kit is a complete authentication toolkit that builds upon the MFA concepts established by django-trench. While DRF Auth Kit provides comprehensive authentication features (JWT, social login, user management), its MFA system draws inspiration from django-trench's approach. Through working with django-trench in various projects, I identified opportunities to simplify the setup process and improve integration with modern Django development practices, while expanding the scope to cover complete authentication needs.
🚀 Why We Built DRF Auth Kit MFA
Having worked with django-trench, we recognized the need for a more streamlined MFA solution that integrates seamlessly with modern Django development:
🔐 Simplified MFA Setup
- Just add
'auth_kit.mfa'to INSTALLED_APPS - no complex configuration - Automatic URL generation - MFA endpoints created automatically when enabled
- Universal integration - works with JWT, Token, and custom authentication backends
- Settings-driven -
USE_MFA: Trueenables entire MFA system
⚡ Intelligent URL Management
- Conditional URL patterns - MFA URLs automatically included when
USE_MFA=True - Automatic endpoint creation:
/login/verify/,/login/change-method/,/login/resend/ - RESTful MFA management:
/mfa/endpoints for method CRUD operations - Complete type safety with mypy/pyright compatibility
🛡️ Advanced Security Features
- Enhanced backup codes with secure hashing and Crockford Base32 encoding
- Ephemeral tokens for MFA verification with configurable expiry
- Multiple MFA methods per user with primary/secondary designation
- Security policies configurable through comprehensive settings
🌍 Superior Developer Experience
- Automatic API documentation (Swagger UI, ReDoc) for all MFA flows
- Two-step authentication with clear error handling
- Extensible handler system for custom MFA methods
- 57 language support with internationalization
📊 Key Improvements Over django-trench
| Feature | django-trench | DRF Auth Kit |
|---|---|---|
| Setup Complexity | ✅ Simple | |
| Type Safety | ❌ | ✅ Full mypy/pyright |
| Auto OpenAPI | ❌ | ✅ Complete |
| Auth Backend Support | ✅ Universal | |
| Custom Handlers | ✅ | ✅ Enhanced |
| Backup Codes | ✅ | ✅ Improved |
| Documentation | ✅ Auto-generated |
🎯 Perfect For django-trench Users
- Projects needing simpler MFA setup
- Teams wanting comprehensive MFA documentation
- Applications using different authentication backends
- Developers seeking extensible MFA solutions
🚀 Key Improvements Over django-trench
- Automatic URL generation - no manual URL configuration needed
- Universal authentication - works with any auth backend
- Settings-driven configuration - comprehensive, typed settings system
- Automatic API documentation - all MFA endpoints documented automatically
- Simplified setup - just add to INSTALLED_APPS and set USE_MFA=True
- Complete type safety with comprehensive type hints
🛠️ MFA Features
- Email MFA with customizable HTML/text templates
- Authenticator App MFA with QR code generation
- Backup codes for account recovery
- Extensible handlers for SMS, hardware keys, etc.
- Management APIs for MFA method CRUD operations
🔗 Resources
- Documentation: drf-auth-kit.readthedocs.io
- GitHub: github.com/forthecraft/drf-auth-kit
- PyPI: pypi.org/project/drf-auth-kit
Installation: pip install drf-auth-kit[mfa]
We deeply appreciate the pioneering work done by the django-trench team in bringing MFA to Django REST Framework. DRF Auth Kit builds upon these concepts while simplifying the implementation and enhancing the developer experience.
We'd love your feedback and contributions! 🚀