I've built a web application using django 2.0 and django-rest-framework. In my web app, I've been using django-rest-framework's SessionAuthentication.
I'm in the early stages of building out a supporting mobile app and based on my findings so far, there's a lot of value in doing the extra work to implement some sort of OAuth authentication:
I was hoping to use django-oauth-toolkit for this, but I noticed in the docs that there's no django 2.x support. I want to avoid refactoring my app using django 1.x, so two questions:
- Has anyone used django-oauth-toolkit successfully for django 2.x? (It appears that at least some people have tried it.) Am I exposing my app to security risks if I go this route?
- Are there any alternatives to django-oauth-toolkit? Or am I wrong in my conclusion that a secure mobile application needs to use OAuth for authentication? (That conclusion was primarily drawn via this Stack Overflow answer.)