Skip to main content

Overview

This guide will help you configure django-allauth in your Django project and get a working authentication system running quickly.
This guide assumes you have already installed django-allauth. If not, check the Installation guide first.

Configuration Steps

Follow these steps to integrate django-allauth into your Django project:
1

Configure Template Context Processors

Add the required context processor to your TEMPLATES setting in settings.py:
settings.py
TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                # Default Django context processors
                'django.template.context_processors.debug',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
                
                # Required by allauth
                'django.template.context_processors.request',
            ],
        },
    },
]
The django.template.context_processors.request context processor is required by allauth and must be included.
2

Configure Authentication Backends

Add the allauth authentication backend to your settings.py:
settings.py
AUTHENTICATION_BACKENDS = [
    # Needed to login by username in Django admin, regardless of `allauth`
    'django.contrib.auth.backends.ModelBackend',

    # `allauth` specific authentication methods, such as login by email
    'allauth.account.auth_backends.AuthenticationBackend',
]
Keep the ModelBackend to ensure Django admin login continues to work normally.
3

Add Apps to INSTALLED_APPS

Add the required allauth apps to INSTALLED_APPS in your settings.py:
For basic account functionality without social authentication:
settings.py
INSTALLED_APPS = [
    # Django built-in apps
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.sites',

    # allauth
    'allauth',
    'allauth.account',

    # Your apps
    # ...
]

SITE_ID = 1
The django.contrib.sites framework is required. Make sure to set SITE_ID = 1 in your settings.
4

Add Account Middleware

Add the account middleware to your MIDDLEWARE setting:
settings.py
MIDDLEWARE = [
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    
    # Add the account middleware:
    'allauth.account.middleware.AccountMiddleware',
]
The AccountMiddleware must be placed after AuthenticationMiddleware.
5

Configure URL Patterns

Add allauth URLs to your project’s urls.py:
urls.py
from django.contrib import admin
from django.urls import path, include

urlpatterns = [
    path('admin/', admin.site.urls),
    path('accounts/', include('allauth.urls')),
    # Your other URL patterns...
]
You can use any URL prefix you prefer instead of accounts/. Common alternatives include auth/ or user/.
6

Run Migrations

Create the necessary database tables:
python manage.py migrate
This will create tables for:
  • User accounts
  • Email addresses
  • Email confirmations
  • Social accounts (if enabled)
  • MFA tokens (if enabled)
7

Configure Basic Settings

Add essential allauth configuration to your settings.py:
settings.py
# Authentication settings
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'

# Signup settings
ACCOUNT_SIGNUP_FIELDS = ['email*', 'password1*', 'password2*']

# Login settings
LOGIN_REDIRECT_URL = '/'
ACCOUNT_LOGOUT_REDIRECT_URL = '/'

Complete Configuration Example

Here’s a complete example of a minimal settings.py configuration: 
import os
from pathlib import Path

BASE_DIR = Path(__file__).resolve().parent.parent

SECRET_KEY = 'your-secret-key-here'
DEBUG = True
ALLOWED_HOSTS = ['127.0.0.1', 'localhost']

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.sites',
    
    # allauth
    'allauth',
    'allauth.account',
    'allauth.socialaccount',
]

MIDDLEWARE = [
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'allauth.account.middleware.AccountMiddleware',
]

ROOT_URLCONF = 'yourproject.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [BASE_DIR / 'templates'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
    'allauth.account.auth_backends.AuthenticationBackend',
]

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': BASE_DIR / 'db.sqlite3',
    }
}

SITE_ID = 1

# allauth configuration
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
ACCOUNT_SIGNUP_FIELDS = ['email*', 'password1*', 'password2*']

LOGIN_REDIRECT_URL = '/'
ACCOUNT_LOGOUT_REDIRECT_URL = '/'

# Email backend (for development)
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'

Social Provider Configuration

To enable social authentication providers, you need to configure them in your settings: 
SOCIALACCOUNT_PROVIDERS = {
    'google': {
        'SCOPE': [
            'profile',
            'email',
        ],
        'AUTH_PARAMS': {
            'access_type': 'online',
        },
        'APP': {
            'client_id': 'your-google-client-id',
            'secret': 'your-google-client-secret',
            'key': ''
        }
    }
}
Alternatively, you can configure social apps through the Django admin interface instead of settings.

Testing Your Setup

Start the development server and test your authentication system: 
python manage.py runserver
Visit the following URLs to verify everything is working:

Login

http://localhost:8000/accounts/login/

Signup

http://localhost:8000/accounts/signup/

Password Reset

http://localhost:8000/accounts/password/reset/

Admin

http://localhost:8000/admin/

Common Configuration Options

Customize django-allauth behavior with these popular settings:
settings.py
# Allow login by email only
ACCOUNT_AUTHENTICATION_METHOD = 'email'

# Allow login by username only
ACCOUNT_AUTHENTICATION_METHOD = 'username'

# Allow login by either email or username
ACCOUNT_AUTHENTICATION_METHOD = 'username_email'
settings.py
# Mandatory email verification
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'

# Optional email verification (email sent but not required)
ACCOUNT_EMAIL_VERIFICATION = 'optional'

# No email verification
ACCOUNT_EMAIL_VERIFICATION = 'none'
settings.py
# Email and password only
ACCOUNT_SIGNUP_FIELDS = ['email*', 'password1*', 'password2*']

# Username and password
ACCOUNT_SIGNUP_FIELDS = ['username*', 'password1*', 'password2*']

# Username, email, and password
ACCOUNT_SIGNUP_FIELDS = ['username*', 'email*', 'password1*', 'password2*']

# Email with confirmation (type twice)
ACCOUNT_SIGNUP_FIELDS = ['email*', 'email2*', 'password1*']
settings.py
# Enable magic link login (login by email code)
ACCOUNT_LOGIN_BY_CODE_ENABLED = True

# Enable password reset by code instead of link
ACCOUNT_PASSWORD_RESET_BY_CODE_ENABLED = True

# Enable email verification by code instead of link
ACCOUNT_EMAIL_VERIFICATION_BY_CODE_ENABLED = True

# Prevent account enumeration attacks
ACCOUNT_PREVENT_ENUMERATION = True

# Session remember option
ACCOUNT_SESSION_REMEMBER = None  # Ask user
# ACCOUNT_SESSION_REMEMBER = True  # Always remember
# ACCOUNT_SESSION_REMEMBER = False  # Never remember
settings.py
# Rate limiting (default values shown)
ACCOUNT_RATE_LIMITS = {
    'login_failed': '5/5m',  # 5 failed attempts per 5 minutes
    'change_password': '5/5m/user',
    'reauthenticate': '10/1h/user',
    'reset_password': '20/1d/ip',
    'reset_password_email': '20/1h/email',
    'signup': '20/1d/ip',
}

# Require reauthentication for sensitive operations
ACCOUNT_REAUTHENTICATION_REQUIRED = True
ACCOUNT_REAUTHENTICATION_TIMEOUT = 300  # 5 minutes

Important Security Considerations

Session Engine Compatibilitydjango-allauth is NOT compatible with SESSION_ENGINE set to "django.contrib.sessions.backends.signed_cookies".Signed cookies are signed but not encrypted, whereas allauth stores secrets (e.g. verification codes) in the session.
For production environments, always:
  • Use HTTPS
  • Set DEBUG = False
  • Configure proper email backend (not console)
  • Enable rate limiting
  • Use strong SECRET_KEY
  • Enable account enumeration prevention

Creating a Superuser

Create an admin user to access the Django admin: 
python manage.py createsuperuser
You can now:
  1. Access the admin at http://localhost:8000/admin/
  2. Configure social apps
  3. Manage user accounts
  4. View email addresses and verifications

URL Patterns Provided

Once configured, django-allauth provides these URL patterns:
URL PatternDescription
/accounts/login/User login page
/accounts/signup/User registration page
/accounts/logout/Logout endpoint
/accounts/password/reset/Password reset request
/accounts/password/change/Change password (authenticated)
/accounts/email/Manage email addresses
/accounts/confirm-email/<key>/Email confirmation
/accounts/social/connections/Manage social connections
/accounts/social/login/<provider>/Social login initiation
You don’t need to include django.contrib.auth.urls when using allauth, as it provides all necessary authentication URLs.

Example Project

The django-allauth repository includes a fully functional example project: 
# Clone the repository
git clone https://codeberg.org/allauth/django-allauth.git
cd django-allauth/examples/regular-django

# Install dependencies
pip install -r requirements.txt

# Run migrations
python manage.py migrate

# Create superuser
python manage.py createsuperuser

# Run the server
python manage.py runserver
Visit the live demo at: https://django.demo.allauth.org

Next Steps

Account Configuration

Explore all available configuration options

Social Providers

Set up social authentication providers

Templates

Customize the look and feel

Signals

Hook into authentication events