// the find
pennersr/django-allauth
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. 🔁 Mirror of https://codeberg.org/allauth/django-allauth/
django-allauth is the de facto authentication library for Django, handling local accounts, social login (OAuth 1/2, OIDC), SAML 2.0, MFA, passkeys/WebAuthn, and now an OIDC identity provider. It's been around since 2010 and is what you reach for when you need auth that actually covers the full surface area — not just social login bolted onto a separate local-accounts system.
The unification of local and social auth flows is the core value and it holds up — email verification works the same whether the address came from a form or Google, which avoids a whole class of bugs other setups produce. The headless mode (added in recent years) gives you JSON API endpoints for SPA/React frontends without maintaining a fork of the library. The adapter pattern means you can override almost any behavior without monkey-patching. Rate limiting and account enumeration prevention are on by default, not opt-in afterthoughts.
INSTALLED_APPS configuration is notoriously fiddly — getting the right combination of allauth apps, providers, and settings without something silently not working requires reading the docs carefully. The social provider list covers dozens of services but the quality is uneven; some providers are community-maintained and lag behind API changes. The new OIDC IdP feature (allauth acting as the identity provider) is relatively young and the docs are thin compared to the consumer side. Template customization still requires copying and overriding Django templates, which is tedious if you have strong UI opinions.