encode
diff --git a/‎.github/workflows/main.yml‎
Lines changed: 6 additions & 5 deletions b/‎.github/workflows/main.yml‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎.github/workflows/mkdocs-deploy.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/mkdocs-deploy.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/pre-commit.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/pre-commit.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 22 additions & 11 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 22 additions & 11 deletions
diff --git a/‎MANIFEST.in‎
Lines changed: 0 additions & 5 deletions b/‎MANIFEST.in‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎README.md‎
Lines changed: 13 additions & 58 deletions b/‎README.md‎
Lines changed: 13 additions & 58 deletions
diff --git a/‎codespell-ignore-words.txt‎
Lines changed: 7 additions & 0 deletions b/‎codespell-ignore-words.txt‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎docs/api-guide/authentication.md‎
Lines changed: 23 additions & 27 deletions b/‎docs/api-guide/authentication.md‎
Lines changed: 23 additions & 27 deletions
diff --git a/‎docs/api-guide/caching.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/api-guide/caching.md‎
Lines changed: 2 additions & 2 deletions
@@ -14,18 +14,19 @@ jobs:
     strategy:
       matrix:
         python-version:
-        - '3.9'
         - '3.10'
         - '3.11'
         - '3.12'
         - '3.13'
+        - '3.14'
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
 
     - uses: actions/setup-python@v6
       with:
         python-version: ${{ matrix.python-version }}
+        allow-prereleases: true
         cache: 'pip'
         cache-dependency-path: 'requirements/*.txt'
 
@@ -39,7 +40,7 @@ jobs:
       run: tox run -f py$(echo ${{ matrix.python-version }} | tr -d . | cut -f 1 -d '-')
 
     - name: Run extra tox targets
-      if: ${{ matrix.python-version == '3.9' }}
+      if: ${{ matrix.python-version == '3.13' }}
       run: |
         tox -e base,dist,docs
 
@@ -52,11 +53,11 @@ jobs:
     name: Test documentation links
     runs-on: ubuntu-24.04
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
 
     - uses: actions/setup-python@v6
       with:
-        python-version: '3.9'
+        python-version: '3.13'
 
     - name: Install dependencies
       run: pip install -r requirements/requirements-documentation.txt
 
@@ -20,7 +20,7 @@ jobs:
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - run: git fetch --no-tags --prune --depth=1 origin gh-pages
       - uses: actions/setup-python@v6
         with:
 
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
 
@@ -1,39 +1,50 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.5.0
+  rev: v6.0.0
   hooks:
   - id: check-added-large-files
   - id: check-case-conflict
   - id: check-json
   - id: check-merge-conflict
   - id: check-symlinks
   - id: check-toml
-- repo: https://github.com/pycqa/isort
-  rev: 5.13.2
+- repo: https://github.com/PyCQA/isort
+  rev: 7.0.0
   hooks:
   - id: isort
 - repo: https://github.com/PyCQA/flake8
-  rev: 7.0.0
+  rev: 7.3.0
   hooks:
   - id: flake8
     additional_dependencies:
     - flake8-tidy-imports
+    - flake8-bugbear
 - repo: https://github.com/adamchainz/blacken-docs
-  rev: 1.16.0
+  rev: 1.20.0
   hooks:
   - id: blacken-docs
-    exclude: ^(?!docs).*$
     additional_dependencies:
-    - black==23.1.0
+    - black==25.9.0
 - repo: https://github.com/codespell-project/codespell
   # Configuration for codespell is in .codespellrc
-  rev: v2.2.6
+  rev: v2.4.1
   hooks:
   - id: codespell
+    args: [
+            "--builtin", "clear,rare,code,names,en-GB_to_en-US",
+            "--ignore-words", "codespell-ignore-words.txt",
+            "--skip", "*.css",
+          ]
     exclude: locale|kickstarter-announcement.md|coreapi-0.1.1.js
-
+    additional_dependencies:
+      # python doesn't come with a toml parser prior to 3.11
+      - "tomli; python_version < '3.11'"
 - repo: https://github.com/asottile/pyupgrade
-  rev: v3.19.1
+  rev: v3.21.0
   hooks:
   - id: pyupgrade
-    args: ["--py39-plus", "--keep-percent-format"]
+    args: ["--py310-plus", "--keep-percent-format"]
+- repo: https://github.com/tox-dev/pyproject-fmt
+  rev: v2.11.0
+  hooks:
+  - id: pyproject-fmt
@@ -1,8 +1,3 @@
-include README.md
-include LICENSE.md
 recursive-include tests/ *
-recursive-include rest_framework/static *.js *.css *.map *.png *.ico *.eot *.svg *.ttf *.woff *.woff2
-recursive-include rest_framework/templates *.html schema.js
-recursive-include rest_framework/locale *.mo
 global-exclude __pycache__
 global-exclude *.py[co]
@@ -10,30 +10,6 @@ Full documentation for the project is available at [https://www.django-rest-fram
 
 ---
 
-# Funding
-
-REST framework is a *collaboratively funded project*. If you use
-REST framework commercially we strongly encourage you to invest in its
-continued development by [signing up for a paid plan][funding].
-
-The initial aim is to provide a single full-time position on REST framework.
-*Every single sign-up makes a significant impact towards making that possible.*
-
-[![][sentry-img]][sentry-url]
-[![][stream-img]][stream-url]
-[![][spacinov-img]][spacinov-url]
-[![][retool-img]][retool-url]
-[![][bitio-img]][bitio-url]
-[![][posthog-img]][posthog-url]
-[![][cryptapi-img]][cryptapi-url]
-[![][fezto-img]][fezto-url]
-[![][svix-img]][svix-url]
-[![][zuplo-img]][zuplo-url]
-
-Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry][sentry-url], [Stream][stream-url], [Spacinov][spacinov-url], [Retool][retool-url], [bit.io][bitio-url], [PostHog][posthog-url], [CryptAPI][cryptapi-url], [FEZTO][fezto-url], [Svix][svix-url], and [Zuplo][zuplo-url].
-
----
-
 # Overview
 
 Django REST framework is a powerful and flexible toolkit for building Web APIs.
@@ -54,8 +30,8 @@ Some reasons you might want to use REST framework:
 
 # Requirements
 
-* Python 3.9+
-* Django 4.2, 5.0, 5.1, 5.2
+* Python 3.10+
+* Django 4.2, 5.0, 5.1, 5.2, 6.0
 
 We **highly recommend** and only officially support the latest patch release of
 each Python and Django series.
@@ -67,10 +43,11 @@ Install using `pip`...
     pip install djangorestframework
 
 Add `'rest_framework'` to your `INSTALLED_APPS` setting.
+
 ```python
 INSTALLED_APPS = [
-    ...
-    'rest_framework',
+    # ...
+    "rest_framework",
 ]
 ```
 
@@ -99,7 +76,7 @@ from rest_framework import routers, serializers, viewsets
 class UserSerializer(serializers.HyperlinkedModelSerializer):
     class Meta:
         model = User
-        fields = ['url', 'username', 'email', 'is_staff']
+        fields = ["url", "username", "email", "is_staff"]
 
 
 # ViewSets define the view behavior.
@@ -110,13 +87,13 @@ class UserViewSet(viewsets.ModelViewSet):
 
 # Routers provide a way of automatically determining the URL conf.
 router = routers.DefaultRouter()
-router.register(r'users', UserViewSet)
+router.register(r"users", UserViewSet)
 
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
 urlpatterns = [
-    path('', include(router.urls)),
-    path('api-auth/', include('rest_framework.urls', namespace='rest_framework')),
+    path("", include(router.urls)),
+    path("api-auth/", include("rest_framework.urls", namespace="rest_framework")),
 ]
 ```
 
@@ -126,15 +103,15 @@ Add the following to your `settings.py` module:
 
 ```python
 INSTALLED_APPS = [
-    ...  # Make sure to include the default installed apps here.
-    'rest_framework',
+    # ... make sure to include the default installed apps here.
+    "rest_framework",
 ]
 
 REST_FRAMEWORK = {
     # Use Django's standard `django.contrib.auth` permissions,
     # or allow read-only access for unauthenticated users.
-    'DEFAULT_PERMISSION_CLASSES': [
-        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
+    "DEFAULT_PERMISSION_CLASSES": [
+        "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly",
     ]
 }
 ```
@@ -188,28 +165,6 @@ Please see the [security policy][security-policy].
 [funding]: https://fund.django-rest-framework.org/topics/funding/
 [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors
 
-[sentry-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/sentry-readme.png
-[stream-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/stream-readme.png
-[spacinov-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/spacinov-readme.png
-[retool-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/retool-readme.png
-[bitio-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/bitio-readme.png
-[posthog-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/posthog-readme.png
-[cryptapi-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/cryptapi-readme.png
-[fezto-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/fezto-readme.png
-[svix-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/svix-premium.png
-[zuplo-img]: https://raw.githubusercontent.com/encode/django-rest-framework/main/docs/img/premium/zuplo-readme.png
-
-[sentry-url]: https://getsentry.com/welcome/
-[stream-url]: https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage
-[spacinov-url]: https://www.spacinov.com/
-[retool-url]: https://retool.com/?utm_source=djangorest&utm_medium=sponsorship
-[bitio-url]: https://bit.io/jobs?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship
-[posthog-url]: https://posthog.com?utm_source=drf&utm_medium=sponsorship&utm_campaign=open-source-sponsorship
-[cryptapi-url]: https://cryptapi.io
-[fezto-url]: https://www.fezto.xyz/?utm_source=DjangoRESTFramework
-[svix-url]: https://www.svix.com/?utm_source=django-REST&utm_medium=sponsorship
-[zuplo-url]: https://zuplo.link/django-gh
-
 [oauth1-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-rest-framework-oauth
 [oauth2-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-oauth-toolkit
 [serializer-section]: https://www.django-rest-framework.org/api-guide/serializers/#serializers
 
@@ -0,0 +1,7 @@
+Tim
+assertIn
+IAM
+endcode
+deque
+thead
+lets
@@ -19,13 +19,10 @@ The `request.user` property will typically be set to an instance of the `contrib
 
 The `request.auth` property is used for any additional authentication information, for example, it may be used to represent an authentication token that the request was signed with.
 
----
-
-**Note:** Don't forget that **authentication by itself won't allow or disallow an incoming request**, it simply identifies the credentials that the request was made with.
+!!! note
+    Don't forget that **authentication by itself won't allow or disallow an incoming request**, it simply identifies the credentials that the request was made with.
 
-For information on how to set up the permission policies for your API please see the [permissions documentation][permission].
-
----
+    For information on how to set up the permission policies for your API please see the [permissions documentation][permission].
 
 ## How authentication is determined
 
@@ -122,17 +119,15 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401
 
     WWW-Authenticate: Basic realm="api"
 
-**Note:** If you use `BasicAuthentication` in production you must ensure that your API is only available over `https`.  You should also ensure that your API clients will always re-request the username and password at login, and will never store those details to persistent storage.
+!!! note
+    If you use `BasicAuthentication` in production you must ensure that your API is only available over `https`.  You should also ensure that your API clients will always re-request the username and password at login, and will never store those details to persistent storage.
 
 ## TokenAuthentication
 
----
-
-**Note:** The token authentication provided by Django REST framework is a fairly simple implementation.
-
-For an implementation which allows more than one token per user, has some tighter security implementation details, and supports token expiry, please see the [Django REST Knox][django-rest-knox] third party package.
+!!! note
+    The token authentication provided by Django REST framework is a fairly simple implementation.
 
----
+    For an implementation which allows more than one token per user, has some tighter security implementation details, and supports token expiry, please see the [Django REST Knox][django-rest-knox] third party package.
 
 This authentication scheme uses a simple token-based HTTP Authentication scheme.  Token authentication is appropriate for client-server setups, such as native desktop and mobile clients.
 
@@ -173,11 +168,8 @@ The `curl` command line tool may be useful for testing token authenticated APIs.
 
     curl -X GET http://127.0.0.1:8000/api/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'
 
----
-
-**Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https`.
-
----
+!!! note
+    If you use `TokenAuthentication` in production you must ensure that your API is only available over `https`.
 
 ### Generating Tokens
 
@@ -293,7 +285,8 @@ Unauthenticated responses that are denied permission will result in an `HTTP 403
 
 If you're using an AJAX-style API with SessionAuthentication, you'll need to make sure you include a valid CSRF token for any "unsafe" HTTP method calls, such as `PUT`, `PATCH`, `POST` or `DELETE` requests.  See the [Django CSRF documentation][csrf-ajax] for more details.
 
-**Warning**: Always use Django's standard login view when creating login pages. This will ensure your login views are properly protected.
+!!! warning
+    Always use Django's standard login view when creating login pages. This will ensure your login views are properly protected.
 
 CSRF validation in REST framework works slightly differently from standard Django due to the need to support both session and non-session based authentication to the same views. This means that only authenticated requests require CSRF tokens, and anonymous requests may be sent without CSRF tokens. This behavior is not suitable for login views, which should always have CSRF validation applied.
 
@@ -334,11 +327,8 @@ You *may* also override the `.authenticate_header(self, request)` method.  If im
 
 If the `.authenticate_header()` method is not overridden, the authentication scheme will return `HTTP 403 Forbidden` responses when an unauthenticated request is denied access.
 
----
-
-**Note:** When your custom authenticator is invoked by the request object's `.user` or `.auth` properties, you may see an `AttributeError` re-raised as a `WrappedAttributeError`. This is necessary to prevent the original exception from being suppressed by the outer property access. Python will not recognize that the `AttributeError` originates from your custom authenticator and will instead assume that the request object does not have a `.user` or `.auth` property. These errors should be fixed or otherwise handled by your authenticator.
-
----
+!!! note
+    When your custom authenticator is invoked by the request object's `.user` or `.auth` properties, you may see an `AttributeError` re-raised as a `WrappedAttributeError`. This is necessary to prevent the original exception from being suppressed by the outer property access. Python will not recognize that the `AttributeError` originates from your custom authenticator and will instead assume that the request object does not have a `.user` or `.auth` property. These errors should be fixed or otherwise handled by your authenticator.
 
 ## Example
 
@@ -426,6 +416,11 @@ HTTP Signature (currently a [IETF draft][http-signature-ietf-draft]) provides a
 
 [Djoser][djoser] library provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. The package works with a custom user model and uses token-based authentication. This is a ready to use REST implementation of the Django authentication system.
 
+## DRF Auth Kit
+
+[DRF Auth Kit][drf-auth-kit] library provides a modern REST authentication solution with JWT cookies, social login, multi-factor authentication, and comprehensive user management. The package offers full type safety, automatic OpenAPI schema generation with DRF Spectacular. It supports multiple authentication types (JWT, DRF Token, or Custom) and includes built-in internationalization for 50+ languages.
+
+
 ## django-rest-auth / dj-rest-auth
 
 This library provides a set of REST API endpoints for registration, authentication (including social media authentication), password reset, retrieve and update user details, etc. By having these API endpoints, your client apps such as AngularJS, iOS, Android, and others can communicate to your Django backend site independently via REST APIs for user management.
@@ -454,9 +449,9 @@ There are currently two forks of this project.
 
 More information can be found in the [Documentation](https://django-rest-durin.readthedocs.io/en/latest/index.html).
 
-## django-pyoidc
+## django-pyoidc
 
-[dango-pyoidc][django_pyoidc] adds support for OpenID Connect (OIDC) authentication. This allows you to delegate user management to an Identity Provider, which can be used to implement Single-Sign-On (SSO). It provides support for most uses-cases, such as customizing how token info are mapped to user models, using OIDC audiences for access control, etc.
+[django_pyoidc][django-pyoidc] adds support for OpenID Connect (OIDC) authentication. This allows you to delegate user management to an Identity Provider, which can be used to implement Single-Sign-On (SSO). It provides support for most uses-cases, such as customizing how token info are mapped to user models, using OIDC audiences for access control, etc.
 
 More information can be found in the [Documentation](https://django-pyoidc.readthedocs.io/latest/index.html).
 
@@ -497,4 +492,5 @@ More information can be found in the [Documentation](https://django-pyoidc.readt
 [django-rest-authemail]: https://github.com/celiao/django-rest-authemail
 [django-rest-durin]: https://github.com/eshaan7/django-rest-durin
 [login-required-middleware]: https://docs.djangoproject.com/en/stable/ref/middleware/#django.contrib.auth.middleware.LoginRequiredMiddleware
-[django-pyoidc] : https://github.com/makinacorpus/django_pyoidc
+[django-pyoidc]: https://github.com/makinacorpus/django_pyoidc
+[drf-auth-kit]: https://github.com/huynguyengl99/drf-auth-kit
@@ -82,8 +82,8 @@ def get_user_list(request):
 ```
 
 
-**NOTE:** The [`cache_page`][page] decorator only caches the
-`GET` and `HEAD` responses with status 200.
+!!! note
+    The [`cache_page`][page] decorator only caches the `GET` and `HEAD` responses with status 200.
 
 [page]: https://docs.djangoproject.com/en/stable/topics/cache/#the-per-view-cache
 [cookie]: https://docs.djangoproject.com/en/stable/topics/http/decorators/#django.views.decorators.vary.vary_on_cookie
-Original file line number
+Diff line change
@@ @@ -0,0 +1,7 @@ @@
 +Tim
 +assertIn
 +IAM
 +endcode
 +deque
 +thead
 +lets