Hi Guys,
I am using DRF with djangorestframework-simplejwt and trying to get my head around the 2FA as I don’t see many topics on that which is very unfortunate.
On top of that, I am getting really confused because as far as I understand the admin panel is using the session-based authentication by default and I don’t even know if I’m doing this right.
This is what I am trying to understand:
- Is that normal to have JWT (for DRF endpoints) and Cookie Session-based (default which is apparently used in Django Admin) auth at the same time? And if not, do I just change the mapping for Admin panel’s auth endpoints? I was thinking to do that but the Admin panel frontend wouldn’t know what to do with that JWT token anyway.
- What is the best practice of pairing JWT auth with 2FA? Two separate packages? Single all-in-one auth package? Custom solution?
Any advice on that is much appreciated. Thank you very much.
Hi,
You’re right that this setup can be a bit confusing at first, especially when combining JWT and 2FA.
- Using JWT + Session Auth Together: Yes, it’s common to use JWT for API clients (e.g., frontend apps) and keep session authentication for Django Admin. You don’t need to replace the admin’s auth — just keep both auth backends enabled. Django admin uses sessions and CSRF protection, which aren’t compatible with JWT, so leave it as-is.
- Best Practice for JWT + 2FA: For 2FA with JWT, it’s generally best to use a package that integrates both cleanly — otherwise you’ll need to bolt on a custom solution. If you’re open to trying something new, take a look at DRF Auth Kit. It’s a new toolkit designed for modern DRF use cases, includes built-in MFA support (inspired by django-trench), and works out-of-the-box with JWT, Token, and even social login.
You can enable MFA by simply adding ‘auth_kit.mfa’ to your INSTALLED_APPS, and it handles MFA verification flow separately from login, so it plays nicely with djangorestframework-simplejwt.
Hope that helps — happy to answer more if you’re diving into a custom setup or need something very specific!
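The "MFA verification separate from login" flow mentioned in the reply above, as an added stand-alone example (not code from DRF Auth Kit, django-trench or simplejwt): a password check yields only a short-lived challenge, and the API token is issued after the TOTP check. All names here (`SERVER_KEY`, `USERS`, `login_step1`, `login_step2`, `authorize`) are hypothetical, and the HMAC-signed tokens stand in for real JWTs.

```python
import base64, hashlib, hmac, json, struct

SERVER_KEY = b"constructed-demo-signing-key"  # assumption: stands in for the JWT signing key
USERS = {"alice": {"password": "correct horse",  # constructed; real code uses hashed passwords
                   "totp_secret": b"12345678901234567890"}}

def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + sig).decode()

def _verify(token, purpose, now):
    body, _, sig = token.encode().partition(b".")
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    # Purpose binding: a challenge token must never be accepted as an access token.
    if claims["purpose"] != purpose or claims["exp"] <= now:
        return None
    return claims

def login_step1(username, password, now):
    """Password check only. Returns a short-lived MFA challenge, not an API token."""
    user = USERS.get(username)
    if not user or not hmac.compare_digest(user["password"].encode(), password.encode()):
        return None
    return _sign({"sub": username, "purpose": "mfa_challenge", "exp": now + 120})

def login_step2(challenge, code, now):
    """Second-factor check. Only here is an access token issued."""
    claims = _verify(challenge, "mfa_challenge", now)
    if claims is None:
        return None
    secret = USERS[claims["sub"]]["totp_secret"]
    # Accept the current and previous time step to tolerate clock drift.
    if not any(hmac.compare_digest(totp(secret, now - d).encode(), code.encode()) for d in (0, 30)):
        return None
    return _sign({"sub": claims["sub"], "purpose": "access", "exp": now + 300})

def authorize(token, now):
    claims = _verify(token, "access", now)
    return claims["sub"] if claims else None
```

This example does not track used codes, so a production flow would also reject a TOTP code that was already accepted within its validity window.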