One of the really nice things about Django is that it ships with a fantastic ORM, user authentication, and admin panel. These three things make building secure Django websites incredibly easy, and generally make Django sites more secure than their counterparts.

This is why I’m super excited to announce that as of very recently, Stormpath officially supports Django >:)

Our new django-stormpath library allows you to keep using all of the normal Django auth system stuff, while completely handling all scaling and security

issues.

If you’re not already familiar with Stormpath, what we do is really quite simple: we store user accounts for your application. We do one thing, and we

do it well.

Our service will store your users, handle all the password hashing and security, and provide wrappers around common bits of functionality like:

Handling permissions.

Storing user data.

Authenticating users and API requests.

Handling social login with Google, Facebook, etc.

Scaling out your user system.

Providing wrappers in many languages so you can access your users via a central location instead of directly connecting to a database / etc. regardless of what languages / tools you’re using.

So — with that said, what makes our new Django library awesome is this: if you want a managed service for storing / accessing user data, Stormpath makes things super easy.

Using django-stormpath

The way you use our new django-stormpath library is pretty simple.

Firstly, you need to install the library using pip:

$ pip install django-stormpath 1 2 $ pip install django - stormpath

Next, you’ll need to add a few settings in your settings.py file:

INSTALLED_APPS = ( # ... django_stormpath', ) AUTHENTICATION_BACKENDS = ( 'django_stormpath.backends.StormpathBackend', ) AUTH_USER_MODEL = 'django_stormpath.StormpathUser' # Your Stormpath credentials, these can be retrieved from your dashboard. # If you don't have an account, go make one! https://api.stormpath.com/register STORMPATH_API_KEY_ID = 'xxx' STORMPATH_API_KEY_SECRET = 'xxx' STORMPATH_APPLICATION = 'https://api.stormpath.com/v1/applications/xxx' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 INSTALLED_APPS = ( # ... django_stormpath ', ) AUTHENTICATION_BACKENDS = ( ' django_stormpath . backends . StormpathBackend ', ) AUTH_USER_MODEL = ' django_stormpath . StormpathUser ' # Your Stormpath credentials, these can be retrieved from your dashboard. # If you don' t have an account , go make one ! https : //api.stormpath.com/register STORMPATH_API_KEY_ID = 'xxx' STORMPATH_API_KEY_SECRET = 'xxx' STORMPATH_APPLICATION = 'https://api.stormpath.com/v1/applications/xxx'

The settings above are all you need to get things working.

Once you add in the settings above, your Django site will start magically working with Stormpath. The way things work is pretty cool:

If a new user is created, they’ll be created in both Stormpath and your local Django database.

When a user is authenticated, if the user exists in Stormpath, they’ll be authenticated by us. If the user exists in your local Django database, that’ll be used as the fall-back.

Not bad, right?

Hosted Login / SSO

In addition to using Stormpath for your Django user storage — you can also use Stormpath’s hosted login pages if you’d like.

The way this works is also pretty cool:

Enable “ID Site” functionality in django-stormpath.

When a user wants to log in, you redirect them to a hosted domain like ( login.yoursite.com ) — which Stormpath hosts for you.

) — which Stormpath hosts for you. Stormpath will let the person log in or create an account on your site.

Stormpath will redirect the authenticated user back to your webapp ( yoursite.com/dashboard or whatever).

or whatever). BAM! You have an authenticated user and pre-built login / registration / password reset / social login pages.

To learn more about this, check out the relevant docs.

I really like the hosted login stuff as it makes building single-sign-on applications super easy.

Since this is a brand new integration for us, we’d love to get your feedback! If

you have any thoughts, please send us an email.

-Randall