Hide the token table from the admin panel in Django REST Framework

Question

I'm using Django REST Framework and Django-OAuth-toolkit to enable OAuth2 authentication in my application.

Since after using OAuth2, I no more need token-based authentication and hence no token table/model.

Sometimes it makes me confused after seeing two different modules for handling token.

Therefore, I want to remove/hide Token table from the admin panel of Django.

Here is my settings.py file

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oauth2_provider.contrib.rest_framework.OAuth2Authentication'
    ),
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated'
    ],
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 10
}

I have removed Token based authentication but still Token table is there in the admin panel

Answer 1

You have to remove rest_framework.authtoken from INSTALLED_APPS

See the docs

Answer 2

from rest_framework.authtoken.models import Token
admin.site.unregister(Token)

if you do the above one you will get "raise NotRegistered('The model %s is not registered' % model.name) django.contrib.admin.sites.NotRegistered: The model Token is not registered"

So please follow this below approch

from rest_framework.authtoken.models import TokenProxy
admin.site.unregister(TokenProxy)

Answer 3

This should normally work

from rest_framework.authtoken.admin import (
    TokenProxy
)

admin.site.unregister(TokenProxy)

Answer 4

from rest_framework.authtoken.models import TokenProxy
admin.site.unregister(TokenProxy)

Answer 5

You don't have to remove rest_framework.authtoken, you can just kick out its registered admin.

This answer likely doesn't apply to you but if you want to carry on using authtokens and just make them hidden from the Admin, you can add the following to one of your existing admin.py files:

try:
    from rest_framework.authtoken.models import TokenProxy as DRFToken
except ImportError:
    from rest_framework.authtoken.models import Token as DRFToken

admin.site.unregister(DRFToken)

Why the ugly code? It's to cope with a 2020 edit whereby the ModelAdmin used here is registered against a proxy model to another which picks the User's PK as its main primary key (for URLs, etc) rather than the database ID of the Token. These are one-to-one mapped, so it makes some sense.

If you know you're only supporting DRF 3.12.0 and newer, you can hack this down to TokenProxy.

Answer 6

Get to any registered app's admin.py and add the below lines.

from rest_framework.authtoken.models import TokenProxy
admin.site.unregister(TokenProxy)

Atleast, this works as per 2021 using Django 3.1.7.

Answer 7

For anyone still facing this error raise NotRegistered('The model %s is not registered' % model.__name__), even after doing either

admin.site.unregister(TokenProxy) or admin.site.unregister(Token)

This can happen due to the order in which Django initializes applications and their components. When your admin.py is processed, it might be that TokenProxy or Token hasn't been registered yet with the admin site, leading to the NotRegistered error.

A solution to this issue involves ensuring your unregister call occurs after all apps, including the rest_framework.authtoken, have been fully initialized. One way to achieve this is by using Django's AppConfig.ready method, which allows you to execute code once Django is ready and all models are loaded.

Here's how you can do it:

Step 1: Create or Modify an AppConfig for Your Application

If your application doesn't already have a custom AppConfig, create one. This involves creating a subclass of django.apps.AppConfig in your application's apps.py file. If apps.py doesn't exist, create it inside your application directory. Here's an example:

from django.apps import AppConfig

class MyAppConfig(AppConfig):
    name = 'your_app_name'  # Replace 'your_app_name' with the name of your app
    verbose_name = "My Application"

    def ready(self):
        # This method will be executed once Django is fully initialized
        from django.contrib import admin
        from rest_framework.authtoken.models import TokenProxy #or Token based on your Django version
        try:
            admin.site.unregister(TokenProxy)
        except admin.sites.NotRegistered:
            pass

Step 2: Update Your Application's Configuration in settings.py

In your settings.py, update the INSTALLED_APPS entry for your application to use the new AppConfig. This involves using the full path to your AppConfig class:

INSTALLED_APPS = [
    # other apps
    'your_app_name.apps.MyAppConfig',  # Replace with your AppConfig path
    # other apps
]