Abstract Token Strategy

If the token strategies that are offered out of the box do not suit your needs, you can create your own strategy. Your strategy should match the following interface:

class allauth.headless.tokens.strategies.base.AbstractTokenStrategy
create_access_token(request: HttpRequest) -> str | None

Create an access token.

While session tokens are required to handle the authentication process, depending on your requirements, a different type of token may be needed once authenticated.

For example, your app likely needs access to other APIs as well. These APIs may even be implemented using different technologies, in which case having a stateless token, possibly a JWT encoding the user ID, might be a good fit.

We make no assumptions in this regard. If you need access tokens, you will have to implement a token strategy that returns an access token here.

create_access_token_payload(request: HttpRequest) -> dict[str, Any] | None

After authenticating, this method is called to create the access token response payload, exposing the access token and possibly other information such as a refresh_token and expires_in.

abstractmethod create_session_token(request: HttpRequest) -> str

Create a session token for the request.session.

get_session_token(request: HttpRequest) -> str | None

Returns the session token, if any.

abstractmethod lookup_session(session_token: str) -> SessionBase | None

Looks up the Django session given the session token. Returns None if the session does not exist or no longer exists.

refresh_token(refresh_token: str) -> tuple[str, str] | None

Validates the given refresh token, and if valid, returns a new access token and refresh token pair.
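
The following is an added example, not code from allauth: a sketch of how create_access_token and create_access_token_payload could return a stateless token that encodes the user ID and an expiry. It uses a minimal HMAC-SHA256 signed token rather than a real JWT, and it is written as a plain mixin so that it runs without Django. The names SECRET, TTL, sign_access_token, verify_access_token and SignedAccessTokenMixin are hypothetical, and the request object is a constructed stand-in.

```python
import base64, hashlib, hmac, json, time
from types import SimpleNamespace

SECRET = b"constructed-demo-key"  # assumption: load a dedicated secret in production
TTL = 300  # assumed access token lifetime in seconds

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_access_token(user_id, now=None) -> str:
    """Encode the user ID and an expiry, then append an HMAC-SHA256 tag."""
    issued = time.time() if now is None else now
    body = b64e(json.dumps({"sub": str(user_id), "exp": int(issued) + TTL}).encode())
    return body + "." + b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def verify_access_token(token, now=None):
    """Return the user ID for a valid, unexpired token, else None."""
    try:
        body, tag = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64d(tag), expected):  # constant-time compare
            return None
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed input is rejected, never raised to the caller
    current = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > current else None

class SignedAccessTokenMixin:
    """Hypothetical mixin: combine with an AbstractTokenStrategy subclass."""

    def create_access_token(self, request):
        user = getattr(request, "user", None)
        if user is None or not user.is_authenticated:
            return None  # no token for anonymous requests
        return sign_access_token(user.pk)

    def create_access_token_payload(self, request):
        token = self.create_access_token(request)
        return {"access_token": token, "expires_in": TTL} if token else None

if __name__ == "__main__":
    # Constructed stand-in for an authenticated Django request.
    request = SimpleNamespace(user=SimpleNamespace(pk=42, is_authenticated=True))
    payload = SignedAccessTokenMixin().create_access_token_payload(request)
    print(payload, verify_access_token(payload["access_token"]))
```

The API that consumes the token calls verify_access_token with the same secret and never needs the Django session; the session token methods of the strategy still have to be implemented separately.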