Accounts App
The Accounts app is the authentication backbone of every Django-CFG project — passwordless login, tokens, social auth, and abuse protection, zero boilerplate.
Full Stack Picture
What’s Included
| Feature | Description |
|---|---|
| OTP Login | Passwordless email — 6-digit codes, 10-min expiry |
| JWT Tokens | Access + refresh with rotation and blacklist |
| 2FA (TOTP) | Google Auth, Authy, any TOTP app |
| OAuth | GitHub social login |
| Brute-force protection | 4-layer defense — IP rate limits, per-email throttle, lockout |
| Email validation | 5-layer pipeline: syntax → TLD → specials → disposable blocklist → MX |
| Soft delete | GDPR-safe account archive |
| Cleanup jobs | RQ tasks for expired OTPs and JWT blacklist |
Enable
```python
from django_cfg import DjangoConfig, JWTConfig


class MyConfig(DjangoConfig):
    enable_accounts = True
    jwt = JWTConfig()  # secure defaults: 30-min access, 90-day refresh, rotation on
```

- Frontend Integration: AuthLayout, useAuth / useAuthForm hooks, middleware
- OTP & Brute-Force: Auth flow, throttle layers, anti-enumeration
- JWT: Token lifetimes, rotation, blacklist
- Two-Factor Auth: TOTP setup, enforcement, backup codes
- OAuth (GitHub): Social login, account linking, CSRF protection