django-allauth
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication. 🔁 Mirror of https://codeberg.org/allauth/django-allauth/
django-allauth is a Python package that adds complete user authentication to Django sites: email registration, social login via Google or GitHub, and enterprise SSO, all in one unified system.
django-allauth is a Python package that handles user accounts for websites built with Django, a popular Python web framework. It covers the full range of account-related tasks: registering new users, logging in and out, verifying email addresses, resetting passwords, and letting users sign in through third-party services like Google, GitHub, or any provider that uses standard protocols like OAuth or OpenID Connect.
The reason the project exists, according to its own explanation, is that most existing solutions only handle one side of authentication. Libraries focused on social login often leave local (email and password) registration as a separate problem, which creates gaps. For example, an email address that a social login provider passes along might not actually be verified, so before linking a social account to a local one, email verification needs to happen on both paths. django-allauth treats local and social authentication as one unified system rather than two separate plugged-together pieces.
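The linking rule described above, as an added illustration rather than django-allauth's own code, with the weak form next to the checked one. The `LocalAccount` and `SocialLogin` types, the function names and the sample addresses are hypothetical, and case-insensitive address comparison is an assumption.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    LINK = "link"                  # attach the social identity to the local account
    VERIFY_FIRST = "verify_first"  # hold the login until email ownership is proven
    CREATE = "create"              # no local account uses this address: new signup


@dataclass(frozen=True)
class LocalAccount:                # hypothetical model, not an allauth class
    email: str
    email_verified: bool


@dataclass(frozen=True)
class SocialLogin:                 # hypothetical model, not an allauth class
    provider: str
    email: str
    provider_says_verified: bool


def _norm(email: str) -> str:
    # Assumption: addresses are compared case-insensitively after trimming.
    return email.strip().lower()


def naive_link(login: SocialLogin, accounts: dict) -> Decision:
    """Weak form: any email match links, so an unverified claim reaches the account."""
    return Decision.LINK if _norm(login.email) in accounts else Decision.CREATE


def safe_link(login: SocialLogin, accounts: dict) -> Decision:
    """Link only when the address is verified on both the social and the local path."""
    match = accounts.get(_norm(login.email))
    if match is None:
        return Decision.CREATE
    if login.provider_says_verified and match.email_verified:
        return Decision.LINK
    return Decision.VERIFY_FIRST


# Constructed sample data, keyed by normalized address.
ACCOUNTS = {
    "alice@example.com": LocalAccount("alice@example.com", True),
    "bob@example.com": LocalAccount("bob@example.com", False),
}
```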
Features include flexible login options (by username, by email, or both), configurable email verification (ranging from none required to mandatory), rate limiting to slow down brute-force login attempts, and account enumeration prevention, which means an attacker cannot easily determine whether a particular email address has an account by testing the password reset or signup forms. For business-to-business scenarios, the package also supports SAML 2.0, a protocol commonly used for enterprise single sign-on.
Settings for each social provider, including the keys and secrets needed to connect, can be stored either in Django's settings file or in the database, where they are managed through the Django admin panel. The package has been publicly available since 2010 and is used by commercial companies in production. Commercial support is available from the maintainers. Documentation is at docs.allauth.org.
Where it fits
- Add email and password registration with mandatory email verification to a Django website using one package.
- Let users sign in with Google or GitHub on top of standard local accounts without a separate auth library.
- Protect a Django app from brute-force attempts with built-in rate limiting and account enumeration prevention.
- Enable SAML 2.0 enterprise single sign-on for a business-to-business product built on Django.