
I posted a question on SO that had various questions regarding the confusion that I have on this particular matter. I was told that I should break down my questions into little pieces since my question was too broad, so here I go.

I have a backend ready with a lot of views, models and serializers from DRF. Now I want to apply authentication to my app and create RESTful APIs that are consumed at the front end. So the doubts that I have:

  • How does the token system work?
  • How does a token sent from the front end get validated at the back end, when each time a user logs out and logs back in, a new token is sent? (i.e. how does the backend know the token at the front end has changed, and what does it verify it against?)
  • How to use token authentication with DRF and AngularJS?

I hope my questions are clear. In case they are not, please suggest edits. I'd also like some examples (if any) of how this all happens.

Also, if you want to see the original post.

Sushant
  • Take a look at my comments on [this question](http://stackoverflow.com/questions/32507755/drf-token-authentication-tutorial). Summary is that if you are doing a web client for your DRF backend, you should probably be using sessions with logins instead of a token. Sessions _are_ very similar to tokens in Django for authentication purposes, but there is automatic expiration and you can invalidate all sessions at any time, simply requiring a user to re-login. Tokens probably should only be used for machine-to-machine stuff (calling services) or mobile apps. Have users log in and use sessions. – Ross Rogers Sep 14 '16 at 15:20
  • You have not posted a code example there. If you could do so, or provide some links, that would be really helpful @RossRogers – Sushant Sep 14 '16 at 16:38
  • [The authentication page](http://www.django-rest-framework.org/api-guide/authentication/) on DRF docs is a good start with code examples. [This blog post](http://blog.kevinastone.com/getting-started-with-django-rest-framework-and-angularjs.html) walks through using AngularJS as a front-end with DRF as backend and uses `SessionAuthentication`. – Ross Rogers Sep 14 '16 at 19:20
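
To illustrate the lookup the question asks about, and the expiry and invalidation points raised in the comments, here is an added example (not part of the original thread and not DRF's own code): a simplified in-memory model in which the server stores every token it issues and checks the `Authorization: Token <key>` header value against that store. `TokenStore` and its methods are hypothetical names, and a real backend would keep these records in a database table.

```python
# Added illustration: simplified model of server-side token validation.
# TokenStore is a hypothetical name; this is not DRF's implementation.
import secrets
import time


class TokenStore:
    def __init__(self, ttl_seconds=None):
        self.ttl = ttl_seconds      # None models a token that never expires
        self._tokens = {}           # token -> (username, issued_at)

    def login(self, username, now=None):
        """Issue a fresh random token; any older token for the user is dropped."""
        self.logout(username)
        token = secrets.token_hex(20)
        self._tokens[token] = (username, time.time() if now is None else now)
        return token

    def logout(self, username):
        """Delete the user's token so the old value stops validating."""
        stale = [t for t, (u, _) in self._tokens.items() if u == username]
        for t in stale:
            del self._tokens[t]

    def revoke_all(self):
        """Force every client to log in again (the 'invalidate all' case)."""
        self._tokens.clear()

    def authenticate(self, header, now=None):
        """Return the username for a 'Token <key>' header value, else None."""
        scheme, _, presented = header.partition(" ")
        if scheme != "Token":
            return None
        record = self._tokens.get(presented)   # the server-side lookup
        if record is None:
            return None                        # unknown or logged-out token
        user, issued = record
        now = time.time() if now is None else now
        if self.ttl is not None and now - issued > self.ttl:
            del self._tokens[presented]        # expired: remove and reject
            return None
        return user


if __name__ == "__main__":
    store = TokenStore()
    old = store.login("alice")                 # constructed sample user
    store.logout("alice")
    new = store.login("alice")
    print(store.authenticate("Token " + old))  # old token no longer in the store
    print(store.authenticate("Token " + new))
```

The backend never needs to be told that the front end's token changed: it only accepts values currently present in its own store, so a token removed at logout fails the lookup and the newly issued one passes.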

0 Answers