Can't create a stateless API since allauth uses sessions everywhere

iMerica / dj-rest-auth

Authentication for Django Rest Framework

https://dj-rest-auth.readthedocs.io/en/latest/index.html

MIT License

1.66k stars 308 forks source link

Can't create a stateless API since allauth uses sessions everywhere #594

Open oabuhamdan opened 7 months ago

oabuhamdan commented 7 months ago

Hi,

I am trying to create a stateless API but I am forced to use sessions since allauth requires session to work properly. I was able to not use sessions by using my own ACCOUNT_ADAPTER. But, the AccountMiddleware forces using session and it's unavoidable.

This has to be fixed.

Aniket-Singla commented 4 months ago

The issue exists because of dependency on django-allauth for social authentications. As per an issue recorded on django-allauth there are no plans of moving away from session auth. See https://github.com/pennersr/django-allauth/issues/3805#issuecomment-2108200458 for more details.