Skip to content

Modify ObtainAuthToken to use the User model's USERNAME_FIELD and password for authentication instead of assuming username and password. #9674

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Modify ObtainAuthToken to use the User model's USERNAME_FIELD and password for authentication instead of assuming username and password. #9674

wants to merge 1 commit into from
+42 −20

Conversation

@partho-debnath
Copy link

Summary

Django’s default user model uses username and password for authentication. However, when a custom user model is defined with USERNAME_FIELD = 'email', Django correctly uses email and password for authentication.

The issue was that Django REST Framework's obtain_auth_token endpoint (used for TokenAuthentication) still expected username and password, even when a custom user model used email instead of username.

Fix

This update modifies the ObtainAuthToken view to dynamically use USERNAME_FIELD instead of assuming username. Now, authentication works consistently, whether using the built-in User model or a custom one, with no inconsistencies.

Changes Made:

  1. ObtainAuthToken now retrieves the USERNAME_FIELD from the user model.
  2. It authenticates using USERNAME_FIELD and password, ensuring compatibility with both built-in and custom user models.

Impact

  1. Users with a custom User model (e.g., USERNAME_FIELD = 'email') can now log in using email and password instead of username and password.
  2. Users with the default User model or a custom User model where USERNAME_FIELD = 'username' can continue logging in using username and password as expected.

@partho-debnath
Update obtain_auth_token to authenticate using 'USERNAME_FIELD' and '…
9dc2682 
…password' instead of 'username' and 'password' for both the built-in and custom User models
@partho-debnath
Copy link
Author

If any changes are required, please let me know.

@browniebroke
Copy link
Collaborator

I'm not sure this falls under our current maintenance policy:

At this point in its lifespan we consider Django REST framework to be feature-complete. We focus on pull requests that track the continued development of Django versions, and generally do not accept new features or code formatting changes.

One could argue that this improves compatibility with custom Django user models, but on the other hand USERNAME_FIELD has been in Django for so long that it's a bit late to add this now...

It's also simple to customise in user-land right now, and this is explained in our docs.

If we were to ever accept it, we would need some tests to cover the behaviour with a customised user model...

@partho-debnath
Copy link
Author

partho-debnath commented Mar 31, 2025
edited
Loading

Thank you for reviewing my pull request and for your feedback. I understand that Django REST Framework is considered feature-complete and that new features are usually only accepted if they align with Django’s ongoing development.

However, I see this change as more of a compatibility improvement rather than a new feature. While USERNAME_FIELD has been in Django for a long time, ObtainAuthToken still assumes a username by default. This creates an inconsistency for projects that take advantage of Django’s built-in flexibility for custom user models.

@browniebroke, Are you saying that it won't be possible to accept or merge this change?

auvipy
auvipy requested changes Apr 8, 2025
View reviewed changes
Copy link
Collaborator

@auvipy auvipy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this might break existing projects or functionalities

@stale
Copy link

stale bot commented Oct 18, 2025

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Oct 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@auvipy auvipy auvipy requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@partho-debnath @browniebroke @auvipy