I am writing a Single Page Application (SPA) in React and want to use Django as the backend. I read this post and this and I am convinced that I need to use token-based authentication instead of session-based.

So here is what I want to accomplish:

  1. the user enters a username & password, and my app sends these via ajax to Django for verification
  2. assuming the username & password are valid, Django returns an access token to the SPA
  3. the SPA can start using this token to request REST apis

I found the Django OAuth Toolkit and this page seems to show how to accomplish what I have just mentioned.

As I am new to OAuth2 and token-based authentication, I am not sure if my assertion is correct. (I didn't quite get the part about register your application)

I hope someone with more experience can help me out. Thanks!

P.S. If I don't need token rotation, I guess I can just go with the TokenAuthentication provided by DRF right?

Cheng

2 Answers

> P.S. If I don't need token rotation, I guess I can just go with the TokenAuthentication provided by DRF right?

Yes you should be able to just use TokenAuthentication with DRF (so long as everything is served over HTTPS). I would also suggest looking into Django rest auth to speed yourself up with the user flows.

jonzlin95

The three steps you have mentioned can be easily achieved through DRF TokenAuthentication. In order to use it, you would have to set up the basic authentication as mentioned here: https://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication

For OAuth Toolkit here, one has to register an application to associate the token of all the further requests with. The users can be assigned restricted to access requests associated with that application. The token has an expiration timeline and, once it has expired, a new token has to be generated either using the refresh token or by sending the username and password again.

Stuti Verma
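
Added example (not part of either answer, and not DRF's own code): the three steps from the question as a small SPA-side client for DRF TokenAuthentication, which posts the credentials to the `obtain_auth_token` view, keeps the returned token in memory and sends it as `Authorization: Token <key>`. The `/api-token-auth/` route, the `createTokenClient` name and the HTTPS and same-origin checks are assumptions made for this example.

```javascript
// Added example. Assumption: DRF's obtain_auth_token view is routed at
// /api-token-auth/ on the API host (adjust to your own urls.py).
function createTokenClient(baseUrl, fetchImpl = fetch) {
  const base = new URL(baseUrl);
  // The token is a bearer credential, so refuse to send it over plain HTTP.
  if (base.protocol !== "https:") {
    throw new Error("TokenAuthentication must only be used over HTTPS");
  }
  let token = null; // kept in memory only; lost on page reload

  // Steps 1 and 2: send username and password, receive {"token": "..."}.
  async function login(username, password) {
    const res = await fetchImpl(new URL("/api-token-auth/", base).href, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ username, password }),
    });
    if (!res.ok) {
      token = null; // DRF answers 400 for bad credentials
      return false;
    }
    token = (await res.json()).token;
    return true;
  }

  // Step 3: call the REST API with the token attached.
  async function request(path, options = {}) {
    if (!token) throw new Error("not logged in");
    const url = new URL(path, base);
    // Never attach the token to another origin, even if `path` is absolute.
    if (url.origin !== base.origin) {
      throw new Error("refusing to send token to " + url.origin);
    }
    const headers = { ...(options.headers || {}), Authorization: "Token " + token };
    const res = await fetchImpl(url.href, { ...options, headers });
    if (res.status === 401) token = null; // rejected token: force a new login
    return res;
  }

  return { login, request, isLoggedIn: () => token !== null };
}
```
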