What is Django authentication system?

Django includes a comprehensive authentication system in django.contrib.auth: User model: built-in User with fields: username, password (hashed with PBKDF2 by default), email, first_name, last_name, is_staff, is_active, is_superuser, last_login. Custom User model (recommended): extend AbstractUser or AbstractBaseUser before any migrations: from django.contrib.auth.models import AbstractUser class CustomUser(AbstractUser): phone = models.CharField(max_length=20, blank=True) avatar = models.ImageField(upload_to="avatars/", blank=True) AUTH_USER_MODEL = "myapp.CustomUser". Login/logout: from django.contrib.auth import authenticate, login, logout user = authenticate(request, username=u, password=p) if user: login(request, user) # saves user in session. Decorators: @login_required(login_url="/login/") def my_view(request): .... Permissions: model-level permissions auto-created (add, change, delete, view); custom permissions: class Meta: permissions = [("publish_article", "Can publish articles")]; check: request.user.has_perm("blog.publish_article"). Groups: assign multiple permissions to a group, assign users to groups. Password management: PBKDF2+SHA256 by default; check_password(), set_password(); password hashers configurable; password_reset views included. LoginView, LogoutView, PasswordChangeView — built-in class-based views. AllAuth: popular third-party for social auth (Google, GitHub, etc.).