Authentication libraries

Introduction

Every application that deals with sensitive data will have to implement some form of access control. To prove the identity of a user, authentication needs to be used. In the past, that was simply a username and password. Nowadays you can even do biometric scans as part of the authentication step. It is also more common to see multi-factor authentication, where the user has to show multiple types of proof.

Authentication libraries help with the implementation in existing and new tools. Instead of reinventing the wheel, ready-to-use libraries can simplify the process of authentication. Sometimes getting started is as simple as providing a key to a third party.

Usage

Authentication libraries are typically used for authentication and identity and access management.

Users of these tools include developers and security professionals.

Tools

django-sudo ('sudo' for Django applications)

application security

For some destructive events, like removing an account, you may want to revalidate that the user really wants to continue. To ensure the request comes from the actual owner of the account, django-sudo requests authentication again within the web application. GitHub uses the same kind of re-authentication for some events like ownership changes and deletions.

django-two-factor-auth (Two-factor authentication for Django)

application security

A complete two-factor authentication implementation for Django. It leverages the django-otp tooling together with Django's authentication framework.
