Passwordless Auth for Django REST Framework
This update bumps a few dependencies for security and changes how tokens are generated on collision.
This release adds demo users via the 'PASSWORDLESS_DEMO_USERS': {}
setting for App Store Approvals. Thanks for the contribution @budlight.
value
mapped to the user key in the dict.validate_token_age
will always return True if the token's user is in the demo list.– Improves the regex to be more e.164 compliant. – Bumps the max_length from 15 to 17.
This adds case-insensitive aliases for logins. Be warned that if your database already has users with two of the same emails you may need to do manual cleanup work to resolve that conflict after this update.
Added ability to specify serializer for authentication token with
'PASSWORDLESS_AUTH_TOKEN_SERIALIZER': 'drfpasswordless.serializers.TokenResponseSerializer'
This will (for example) allow you to instead of returning DRF's token, return a JWT with access
and refresh
tokens.
A few big changes in 1.5.0:
urls.py
.VERIFY
and AUTH
type to make sure tokens can't be used interchangably.token
must be POST
ed with email
or mobile
corresponding to the user that created it.This version drops Python 2 Support:
Requires: