| #13127 | Template tag "perms" doesn't support object level permission checking | new | nobody | New feature | 1.2-beta | |
| #20313 | AnonymousUser should follow custom User implementation | assigned | thinkingpotato | New feature | | |
| #20589 | contrib.auth.handlers.modwsgi fails for some backends | new | nobody | Bug | 1.5 | |
| #20605 | Allow extending the default auth permissions | new | nobody | New feature | dev | |
| #20671 | Custom backend get_user function is assumed to search by primary key | new | nobody | New feature | 1.5 | |
| #20824 | User Auth: A Complete Solution for Email Login Handling | assigned | Ülgen Sarıkavak | New feature | dev | |
| #21278 | Using dumpdata to create unit test fixtures causes duplicate foreign keys for auth permissions. Excluding auth causes other referenced auth models to be missing. | new | nobody | New feature | 1.5 | |
| #21289 | Add login rate limiting to contrib.auth | assigned | Tom Carrick | New feature | dev | |
| #21392 | changepassword option to read from stdin | assigned | Gnonpi | New feature | dev | |
| #21837 | auth.User Email - non-RFC spec case normalization | new | | Bug | 1.6 | |
| #22752 | Allow PasswordResetForm email to render URLs based on the current namespace | new | nobody | Cleanup/optimization | dev | |
| #23559 | Staff (not superusers) should not manage perms of Users | new | | New feature | | |
| #24754 | Implementation of global permissions | new | nobody | New feature | dev | |
| #25281 | Permission strings don't uniquely identify permissions | new | | Cleanup/optimization | dev | |
| #25612 | django.contrib.auth should include support for 2fa out of the box | assigned | theExplorer | New feature | dev | |
| #26401 | Allow auth machinery to be used without installing auth app | new | | New feature | 1.9 | |
| #26756 | Changing of model's verbose_name does not change the names of the model's permissions | new | | Bug | dev | |
| #28140 | Add convenience method to add `Permission`s to a `User` | new | nobody | New feature | 1.11 | |
| #28594 | Value error on related user name during save of user model | new | | Bug | 1.11 | |
| #28608 | Allow UserCreationForm and UserChangeForm to work with custom user models | new | shangdahao | Cleanup/optimization | dev | |
| #28645 | AuthenticationForm's inactive user error isn't raised when using ModelBackend | new | shangdahao | Bug | 3.1 | |
| #28757 | Allow using forms of contrib.auth without installing contrib.auth | new | shangdahao | Cleanup/optimization | 1.11 | |
| #28779 | Customizing REDIRECT_FIELD_NAME is cumbersome | new | nobody | Cleanup/optimization | 1.11 | |
| #29381 | Move some parts of `django.contrib.auth.models` to `django.contrib.auth.base_user` for reusability | new | nobody | New feature | dev | |
| #29843 | Create permissions using migration operations rather than using the post_migrate signal | assigned | Arthur Rio | Cleanup/optimization | dev | |
| #34654 | Post-normalization performed on the Username field leading to the bypass of the whitespace stripping | assigned | George Kussumoto | Bug | dev | |
| #35730 | Enhance password reset security by encrypting 'uid' parameter instead of base64-encoding to prevent possible user count leakage | assigned | Remy | Cleanup/optimization | dev | |
| #36225 | createsuperuser validation breaks if USERNAME_FIELD is distinct but user manager deliberately lacks get_by_natural_key() | assigned | Abderrahmane MELEK | Bug | 5.1 | |