As a full-stack developer, understand how to build an authentication system with backend technology and manage the authentication flow with a frontend technology is crucial.

In this tutorial, we'll together build an authentication system using React and Django. We'll be using Django and Django Rest to build the API and create authentication endpoints. And after, set up a simple login and profile page with React and Tailwind, using Redux and React router by the way.

First of all, let's set up the project. Feel free to use your favorite python environment management tool. I’ll be using virtualenv here.

We can now create the user application and start adding features.

For this configuration to work, you'll need to modify the name of the app in core/user/apps.py

And also the __init__.py file in core/user directory.

Django comes with a built-in authentication system model which fits most of the user cases and is quite safe. But most of the time, we need to do rewrite it to adjust the needs of our project. You may add others fields like bio, birthday, or other things like that.

A Custom User Model is a new user that inherits from AbstractBaseUser. But we’ll also rewrite the UserManager to customize the creation of a user in the database. But it’s important to note that these modifications require special care and updates of some references through the settings.py.

Now what we'll do next is specify to Django to use this new User model as the AUTH_USER_MODEL.

The next step when working with Django & Django Rest after creating a model is to write a serializer. Serializer allows us to convert complex Django complex data structures such as querysets or model instances in Python native objects that can be easily converted JSON/XML format, but Serializer also serializes JSON/XML to naive Python.

And the viewset. A viewset is a class-based view, able to handle all of the basic HTTP requests: GET, POST, PUT, DELETE without hard coding any of the logic. And if you have specific needs, you can overwrite those methods.

REST framework provides several authentication schemes out of the box, but we can also implement our custom schemes. We'll use authentication using JWT tokens. For this purpose, we'll use the djangorestframework-simplejwt to implement an access/refresh logic. Add rest_framework_simplejwt.authentication.JWTAuthentication to the list of authentication classes in settings.py:

The Simple JWT library comes with two useful routes:

And since we are using viewsets, there is a problem with consistency. But here’s the solution :

Then, we can write the viewsets.

The next step is to register the routes. Create a file routers.py in the core directory.

And the last step, we'll include the routers.urls in the standard list of URL patterns in CoreRoot.

The User endpoints, login, and register viewsets are ready. Don't forget to run migrations and start the server and test the endpoints.

If everything is working fine, let's create a user with an HTTP Client by requesting localhost:8000/api/auth/register/. I'll be using Postman but feel free to use any client.

There are generally two ways to connect Django to your frontend :

The most used pattern is the first one, and we'll focus on it because we have already our token authentication system available. Make sure you have the latest version of create-react-app in your machine.

Then open http://localhost:3000/ to see your app.

But, we'll have a problem. If we try to make a request coming from another domain or origin (here from our frontend with the webpack server), the web browser will throw an error related to the Same Origin Policy. CORS stands for Cross-Origin Resource Sharing and allows your resources to be accessed on other domains. Cross-Origin Resource Sharing or CORS allows client applications to interface with APIs hosted on different domains by enabling modern web browsers to bypass the Same-origin Policy which is enforced by default. Let's enable CORS with Django REST by using django-cors-headers.

If the installation is done, go to your settings.py file and add the package in INSTALLED_APPS and the middleware.

And add these lines at the end of the settings.py file.

We are good now. Let's continue with the front end by adding libraries we'll be using.

First of all, let's add tailwind and make a basic configuration for the project.

Since Create React App doesn’t let you override the PostCSS configuration natively, we also need to install CRACO to be able to configure Tailwind.

Once it's installed, modify these lines in the package.json file. Replace react- scripts by craco.

Next, we'll create a craco config file in the root of the project, and add tailwindcss and autoprefixer as plugins.

Next, we need to create a configuration file for tailwind. Use npx tailwindcss-cli@latest init to generate tailwind.config.js file containing the minimal configuration for tailwind.

The last step will be to include tailwind in the index.css file.

We are done with the tailwind configuration.

Let's quickly create the Login Page and the Profile Page.

Here's a preview :

And the profile page :

And here's the preview :

And the final step, we'll be making requests on an API. It's a good practice to configure environment variables. Fortunately, React allows us to make basic environment configurations. Create a .env file at the root of the project and put this here.

Redux is a library to manage the global state in our application. Here, we want the user to log in and go to the Profile Page. It will only work if the login is correct. But that's not all: if the user has no active session -meaning that the refresh is expired or there is no trace of this user account or tokens in the storage of the frontend - he is directly redirected to the login page.

To make things simple, here's what we're going to do:

First of all, let's add the dependencies we need to configure the store.

Then, create a folder named store in src. Add in this directory another folder named slices and create in this directory a file named auth.ts. With Redux, a slice is a collection of reducer logic and actions for a single feature of our app. But before adding content to this file, we need to write the interface for the user account.

And now, we can write the authentication slice authSlice.

Now, move inside the store directory and create a file named index.ts. And add the following content.

Now the store has been created, we need to make the store accessible for all components by wrapping (top-level-component) in :

The store is accessible by all components in our application now. The next step is to build a component to help us hide pages that require sessions from the other ones.

We'll build the component using React Router. React Router is a standard library for routing in React. It enables the navigation among views of various components in a React Application, allows changing the browser URL, and keeps the UI in sync with the URL. In our application, If the user tries to access a protected page, we'll be redirected to the Login Page.

In the routes, directory creates a file named ProtectedRoute.tsx , and write this :

The first step here is to get the global state of auth. Actually, every time a user successfully signs in, we'll use the slices to persist the account state and the tokens in the storage. If there is an account object, that means that there is an active session. Then, we use this state to check if we have to redirect the user to the protected page return ; or he is directly redirected to the login page return ;. The last and final step is to rewrite the Login and Profile Page. Let's start with the Login Page.

And the profile Page,

And we're done with the front end. Start your server again and try to log in with the user-created with POSTMAN.

But there is something missing. Our API is using refresh/access logic for authentication. It means that when the access token expires (5 minutes), we need to get a new access token to make requests to protected resources. It can be done in two ways:

In your terminal, install a new package:

Once it's done, create a new directory named utils, and inside this directory, create a file named axios.ts. It will contain the code of our fetcher.

Then let's use this on the profile page.

The new Profile page will look like this.

That's some basic stuff if you need to build an authentication system with React and Django. However, the application has some issues, and trying to perfect it here was only going to increase the length of the article. So here are the issues and the solutions :

In this article, We learned to build a CRUD application web with Django and React. And as every article can be made better so your suggestion or questions are welcome in the comment section. 😉

Check the code of the Django app here and the React App here.

Ready to take your Django and React skills to the next level? Check out my book, Full Stack Django and React: Get hands-on experience in full-stack web development with Python, React, and AWS, for an in-depth guide to building web applications with these powerful tools. Whether you're a beginner or an experienced developer, you'll find practical tips and insights to help you succeed. Click here to order your copy now!