Django-rest-knox library provides models and views to handle token-based authentication in a more secure and extensible way than the built-in TokenAuthentication scheme – with Single Page Applications and Mobile clients in mind.

It provides per-client tokens, and views:

• to generate them when provided some other authentication (usually basic authentication),
• to delete the token (providing a server enforced logout) and
• to delete all tokens (logs out all clients that a user is logged into).

The Django OAuth Toolkit package provides OAuth 2.0 support and works with Python 3.4+.

The package is maintained by jazzband and uses the excellent OAuthLib.

The package is well documented, and well supported and is currently the DRF project  recommended package for OAuth 2.0 support.

The Django REST framework OAuth package provides both OAuth1 and OAuth2 support for DRF.

This package was previously included directly in the REST framework but is now supported and maintained as a third-party package.

JSON Web Token is a fairly new standard which can be used for token-based authentication.

Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn’t need to use a database to validate a token.

A package for JWT authentication is djangorestframework-simplejwt which provides some features as well as a pluggable token blacklist app.

The HawkREST library builds on the Mohawk library to let you work with Hawk signed requests and responses in your API.

Hawk lets two parties securely communicate with each other using messages signed by a shared key.

It is based on HTTP MAC access authentication (which was based on parts of OAuth 1.0).

HTTP Signature provides a way to achieve origin authentication and message integrity for HTTP messages.

Similar to Amazon’s HTTP Signature scheme, used by many of its services, it permits stateless, per-request authentication.

Elvio Toccalino maintains the djangorestframework-httpsignature (outdated) package which provides an easy-to-use HTTP Signature Authentication mechanism. You can use the updated fork version of djangorestframework-httpsignature, which is drf-httpsig.

Djoser library provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation.

The package works with a custom user model and uses token-based authentication.

This is a ready to use REST implementation of the Django authentication system.

This library provides a set of REST API endpoints for registration, authentication (including social media authentication), password reset, retrieve and update user details, etc.

By having these API endpoints, your client apps such as AngularJS, iOS, Android, and others can communicate to your Django backend site independently via REST APIs for user management.

Drf-social-oauth2 is a framework that helps you authenticate with major social oauth2 vendors, such as Facebook, Google, Twitter, Orcid, etc.

It generates tokens in a JWTed way with an easy setup.

drfpasswordless adds (Medium, Square Cash inspired) passwordless support to Django REST Framework’s TokenAuthentication scheme.

Users log in and sign up with a token sent to a contact point like an email address or a mobile number.

django-rest-authemail provides a RESTful API interface for user signup and authentication.

Email addresses are used for authentication, rather than usernames.

API endpoints are available for signup, signup email verification, login,

Django-Rest-Durin is built with the idea to have one library that does token auth for multiple Web/CLI/Mobile API clients via one interface but allows different token configuration for each API Client that consumes the API.

It provides support for multiple tokens per user via custom models, views, permissions that work with Django-Rest-Framework.

The token expiration time can be different per API client and is customizable via the Django Admin Interface.