docs/api-guide/authentication.md
16 additions & 10 deletions
@@ -120,6 +120,14 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401
## TokenAuthentication
+
---
+
+
**Note:** The token authentication provided by Django REST framework is a fairly simple implementation.
+
+
For an implementation which allows more than one token per user, has some tighter security implementation details, and supports token expiry, please see the [Django REST Knox][django-rest-knox] third party package.
+
+
---
+
This authentication scheme uses a simple token-based HTTP Authentication scheme. Token authentication is appropriate for client-server setups, such as native desktop and mobile clients.
To use the `TokenAuthentication` scheme you'll need to [configure the authentication classes](#setting-the-authentication-scheme) to include `TokenAuthentication`, and additionally include `rest_framework.authtoken` in your `INSTALLED_APPS` setting:
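Review bot: "has some tighter security implementation details" in the added note is too vague for a security-relevant recommendation; say what the built-in scheme lacks so readers can judge their exposure. The same sentence already implies the two concrete gaps (a single token per user, no token expiry), so something like "The built-in scheme issues one non-expiring token per user; for multiple tokens per user and token expiry see the Django REST Knox package" carries the point without hand-waving. Separately, the note now sits between the `## TokenAuthentication` heading and the sentence that explains what the scheme is ("This authentication scheme uses a simple token-based HTTP Authentication scheme..."); placing it after that sentence would read more naturally, since readers are told the implementation is "fairly simple" before being told what it does.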
@@ -129,11 +137,9 @@ To use the `TokenAuthentication` scheme you'll need to [configure the authentica
'rest_framework.authtoken'
]
-
---
-
-
**Note:** Make sure to run `manage.py migrate` after changing your settings. The `rest_framework.authtoken` app provides Django database migrations.
+
Make sure to run `manage.py migrate` after changing your settings.
-
---
+
The `rest_framework.authtoken` app provides Django database migrations.
You'll also need to create tokens for your users.
@@ -146,7 +152,7 @@ For clients to authenticate, the token key should be included in the `Authorizat
**Note:**If you want to use a different keyword in the header, such as `Bearer`, simply subclass `TokenAuthentication` and set the `keyword` class variable.
+
*If you want to use a different keyword in the header, such as `Bearer`, simply subclass `TokenAuthentication` and set the `keyword` class variable.*
If successfully authenticated, `TokenAuthentication` provides the following credentials.
152
158
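Review bot: the italicised sentence tells readers to subclass `TokenAuthentication` and set the `keyword` class variable but shows neither; a two-line example would remove the guesswork, e.g. `class BearerAuthentication(TokenAuthentication):` followed by `    keyword = 'Bearer'`, and a reminder that the subclass, not `TokenAuthentication`, must then be listed in the authentication classes. Also, replacing the `**Note:**` label with italics is a formatting change unrelated to the rest of this commit and leaves this callout inconsistent with the bold `**Note:**` style used in the hunk above; if the only intent was to fix the missing space in "**Note:**If", fixing the space alone is the smaller change.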
@@ -355,6 +361,10 @@ The following example will authenticate any incoming request as the user given b
The following third-party packages are also available.
+
## django-rest-knox
+
+
[Django-rest-knox][django-rest-knox] library provides models and views to handle token-based authentication in a more secure and extensible way than the built-in TokenAuthentication scheme - with Single Page Applications and Mobile clients in mind. It provides per-client tokens, and views to generate them when provided some other authentication (usually basic authentication), to delete the token (providing a server enforced logout) and to delete all tokens (logs out all clients that a user is logged into).
+
## Django OAuth Toolkit
The [Django OAuth Toolkit][django-oauth-toolkit] package provides OAuth 2.0 support and works with Python 3.4+. The package is maintained by [jazzband][jazzband] and uses the excellent [OAuthLib][oauthlib]. The package is well documented, and well supported and is currently our **recommended package for OAuth 2.0 support**.
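Review bot: "in a more secure and extensible way than the built-in TokenAuthentication scheme" is a bare claim in the moved django-rest-knox paragraph; the concrete differences are already listed later in the same sentence (per-client tokens, a view to delete a token for a server-enforced logout, a view to delete all tokens), so lead with those and drop "more secure" as an unqualified adjective. Minor grammar: "[Django-rest-knox][django-rest-knox] library provides" needs an article ("The [Django-rest-knox][django-rest-knox] library provides"), and the sentence runs three clauses together with "and"; splitting after "Mobile clients in mind." would help. Moving this section up to sit directly under "The following third-party packages are also available." is sensible, since Knox is the direct alternative to the built-in scheme the earlier note points at.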
@@ -422,11 +432,7 @@ There are currently two forks of this project.
## drf-social-oauth2
-
[Drf-social-oauth2][drf-social-oauth2] is a framework that helps you authenticate with major social oauth2 vendors, such as Facebook, Google, Twitter, Orcid, etc. It generates tokens in a JWTed way with an easy setup.
-
-
## django-rest-knox
-
-
[Django-rest-knox][django-rest-knox] library provides models and views to handle token-based authentication in a more secure and extensible way than the built-in TokenAuthentication scheme - with Single Page Applications and Mobile clients in mind. It provides per-client tokens, and views to generate them when provided some other authentication (usually basic authentication), to delete the token (providing a server enforced logout) and to delete all tokens (logs out all clients that a user is logged into).
+
[Drf-social-oauth2][drf-social-oauth2] is a framework that helps you authenticate with major social oauth2 vendors, such as Facebook, Google, Twitter, Orcid, etc. It generates tokens in a JWTed way with an easy setup.
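Review bot: the drf-social-oauth2 paragraph is removed and re-added verbatim, so this hunk is really only the relocation of the django-rest-knox section plus blank-line churn; it is worth checking that the blank line after "## drf-social-oauth2" survives and that no trailing whitespace was introduced, since an identical line showing as deleted and re-added for no visible reason usually means one of those. Since the line is being touched anyway, "It generates tokens in a JWTed way with an easy setup" reads awkwardly; "It issues JWT tokens and is easy to set up" says the same thing.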