Make source of request parameters clear
Quoting the documentation of 'authenticate':
"Response is the query string as parsed by cgi.parse_qs."
The method is deprecated in module cgi, so it should be urlparse.parse_qs. Beside this, it would be much more helpful to accept a simple dictionary of HTTP parameters, which can be generated from both Django HTTPRequest objects and the cgi / urlparse module.