A small Django pluggable app that provides a custom User model where the email address is the username. No username field, no extra settings, no migrations beyond the initial one.
Users today expect to use their email address as the username during authentication. This works well because:
- Users already know their email addresses by heart.
- Since email addresses are unique, users don't need to remember yet another item when either signing up or logging into web applications. IMHO this is a significant factor that plays a vital role in user adoption.
- This is a time tested model and many web applications today follow this.
However, Django's default approach for authentication requires a user provide both a username and an email address during sign up and then just use the username during login.
- Python 3.10, 3.11, 3.12, or 3.13
- Django 4.2 LTS or Django 5.2 LTS
Important: swap in this user model before running
migratefor the first time. SwitchingAUTH_USER_MODELmid-project requires hand-written data migrations across every foreign key to the user model. See Django's docs on substituting a custom user model.
Install the package:
pip install django-rapyd-modernauthAdd modernauth to INSTALLED_APPS:
INSTALLED_APPS = [
# ...
"modernauth",
]Point Django at the custom user model in settings.py:
AUTH_USER_MODEL = "modernauth.User"Optionally enable case-insensitive login by adding the EmailBackend to your AUTHENTICATION_BACKENDS:
AUTHENTICATION_BACKENDS = [
"modernauth.backends.EmailBackend",
]This is optional but recommended. Emails are stored lowercased on save, so the backend lowercases the credential at login time and matches against stored values — meaning Alice@Example.com and alice@example.com resolve to the same account. Without it, Django's default ModelBackend will only match if the consumer's login form lowercases the input first.
Create the database tables:
python manage.py migrateThe custom User model behaves like Django's default AbstractUser with one difference: email is the unique identifier and there is no username field. Use get_user_model() rather than importing the model directly so your code keeps working if AUTH_USER_MODEL is ever swapped again.
from django.contrib.auth import get_user_model
User = get_user_model()
User.objects.create_user(email="alice@example.com", password="…")
User.objects.create_superuser(email="root@example.com", password="…")The admin's createsuperuser command will prompt for an email instead of a username:
python manage.py createsuperuserLogin forms, the admin, and authenticate() all use email as the credential.
Emails are normalized to lowercase whenever a user is created or saved, so the address is the canonical identity. With the EmailBackend enabled (see Installation), authenticate() lowercases the supplied credential before lookup, making login case-insensitive.
Starting in 0.1.0 the package's behavior changed in two ways:
User.save()(and thereforecreate_user/create_superuser) lowercasesemailbefore writing.- The new
modernauth.backends.EmailBackendlowercases the supplied credential at authentication time, making login case-insensitive when wired intoAUTHENTICATION_BACKENDS.
The public API surface is unchanged — same model, same manager methods — but consumers upgrading from 0.0.x should be aware of the points below.
This package does not rewrite existing rows. New writes go through the lowercasing path, but rows that already exist with mixed-case local parts (e.g. Alice@example.com) stay as-is until the consumer migrates them. If you want the storage invariant to hold across the whole table, you need to run a one-shot data migration in your own project.
Under the old behavior the unique index on email was byte-comparison, so it was possible to have both Alice@example.com and alice@example.com as separate users. A naive lowercasing migration will fail on the duplicate. De-dup first, then migrate.
The sketch below is a starting point, not a turnkey solution. Put it in a data migration in your own project (we don't ship one):
# Sketch: in your project, create a data migration that lowercases existing emails.
def lowercase_emails(apps, schema_editor):
User = apps.get_model("modernauth", "User")
for user in User.objects.all():
lowered = user.email.lower()
if user.email != lowered:
# Caller is responsible for de-duping conflicts before running this.
user.email = lowered
user.save(update_fields=["email"])If you don't want this behavior, pin to the last release before the change:
pip install "django-rapyd-modernauth<0.1.0"Pull requests are welcome — the project is intentionally small, so bug fixes, test improvements, and Django LTS support updates are the most likely to land. See CONTRIBUTING.md for the full development setup, test workflow, and release process. See CHANGELOG.md for version history.
For security vulnerabilities, see SECURITY.md for the private disclosure process. Do not file a public issue for security bugs.
Apache License 2.0 — see LICENSE.