Django Token Authentication Backend

This project provides a robust token-based authentication backend using Django Rest Framework. It includes endpoints for user registration, login (to obtain a token), logout (to invalidate a token), and a protected example endpoint that requires authentication.

---

🚀 Features

• User Registration (/api/register/)
• User Login (/api/login/) – Returns an authentication token
• User Logout (/api/logout/) – Invalidates the token
• Protected API Endpoint (/api/protected/) – Accessible only with a valid token
• CORS Configured for frontend integration

---

⚙️ Setup Instructions

Follow these steps to get the Django backend up and running on your local machine.

1. Clone the Repository

git clone <your-repository-url>
cd token_auth_project

2. Create a Virtual Environment

python -m venv venv

3. Activate the Virtual Environment

macOS/Linux:

source venv/bin/activate

Windows (Command Prompt):

venv\Scripts\activate.bat

Windows (PowerShell):

venv\Scripts\Activate.ps1

4. Install Dependencies

pip install -r requirements.txt

5. Configure Project Files

• Allow CORS from your frontend:

CORS_ALLOWED_ORIGINS = [
    "http://localhost:3000",
]

6. Run Database Migrations

python manage.py makemigrations
python manage.py migrate

7. Create a Superuser (Optional)

python manage.py createsuperuser

8. Run the Development Server

python manage.py runserver

Backend will be available at: http://127.0.0.1:8000/

---

🔌 API Endpoints

All endpoints are prefixed with /api/.

📥 POST /api/register/

Description: Register a new user.

Request Body:

{
  "username": "newuser",
  "email": "[email protected]",
  "password": "strongpassword123",
  "password2": "strongpassword123"
}

Success Response:

{
  "message": "User registered successfully",
  "username": "newuser",
  "token": "your_generated_token"
}

🔐 POST /api/login/

Description: Authenticate user and obtain token.

Request Body:

{
  "username": "existinguser",
  "password": "theirpassword"
}

Success Response:

{
  "message": "Login successful",
  "username": "existinguser",
  "token": "your_generated_token"
}

🚪 POST /api/logout/

Description: Logout user and invalidate token.

Headers:

Authorization: Token <your_authentication_token>

Success Response:

{
  "message": "Logout successful"
}

🔒 GET /api/protected/

Description: Access a protected endpoint.

Headers:

Authorization: Token <your_authentication_token>

Success Response:

{
  "message": "Hello, <username>! You are authenticated and can access this protected data.",
  "user_id": 1,
  "email": "[email protected]"
}

Unauthorized Response:

{
  "detail": "Authentication credentials were not provided."
}  

---

🧪 Testing Endpoints

Use tools like curl, Postman, or Insomnia.

Register a User

curl -X POST -H "Content-Type: application/json" \
-d '{"username": "testuser", "email": "[email protected]", "password": "password123", "password2": "password123"}' \
http://127.0.0.1:8000/api/register/

Login and Get Token

curl -X POST -H "Content-Type: application/json" \
-d '{"username": "testuser", "password": "password123"}' \
http://127.0.0.1:8000/api/login/

Access Protected Endpoint

curl -X GET -H "Authorization: Token YOUR_TOKEN_HERE" \
http://127.0.0.1:8000/api/protected/

Logout

curl -X POST -H "Authorization: Token YOUR_TOKEN_HERE" \
http://127.0.0.1:8000/api/logout/

📝 License

This project is open-source and free to use.

💡 Contribution

Feel free to fork the repository and submit pull requests to improve functionality or documentation.