Questions tagged [http-token-authentication]
146 questions
565
votes
8 answers
What is token-based authentication?
I want to understand what token-based authentication means. I searched the internet but couldn't find anything understandable.

csharpbaby
- 6,125
- 3
- 18
- 12
98
votes
3 answers
Is a Refresh Token really necessary when using JWT token authentication?
I'm referencing another SO post that discusses using refresh tokens with JWT.
JWT (JSON Web Token) automatic prolongation of expiration
I have an application with a very common architecture where my clients (web and mobile) talk to a REST API which…

TheJediCowboy
- 8,924
- 28
- 136
- 208
98
votes
2 answers
What is the difference between JSON Web Signature (JWS) and JSON Web Token (JWT)?
I've been coding a RESTful service in Java. This is what I've understood till now:
Token authorization is done using JSON Web Tokens (JWT) which have three parts: the header, the payload, and the secret (shared between the client and the server).
I…

leo
- 1,423
- 2
- 14
- 23
70
votes
2 answers
Token based authentication in Web API without any user interface
I am developing a REST API in ASP.Net Web API. My API will be only accessible via non-browser based clients. I need to implement security for my API so I decided to go with Token based authentication. I have a fair understanding of token based…

Souvik Ghosh
- 4,456
- 13
- 56
- 78
49
votes
2 answers
JWT and CSRF differences
I've been reading about JWT, and from what I understand, it's a token that the server sends after a user logs in. The user will have to send that token with all future HTTP requests. This creates a stateless way for the server to verify a user's…

Caciano
- 747
- 1
- 6
- 13
46
votes
3 answers
django rest framework - token authentication logout
I have implemented the Token Authentication according to the django rest framework Docs.
Form what I read, the Token Authentication of DRF is quite simple - one token per user, the token doesn't expire and is valid for use always (am I right?).
I…

Ofek Agmon
- 5,040
- 14
- 57
- 101
22
votes
2 answers
Django TokenAuthentication missing the 'Authorization' http header
I'm trying to use the TokenAuthentication with one of my views.
As documented in https://www.django-rest-framework.org/api-guide/authentication/, I add the token I received from the login as an HTTP header called: 'Authorization' in the request I…

odedfos
- 4,491
- 3
- 30
- 42
15
votes
1 answer
Implementing passport-http-bearer token with sails.js
I am trying to implement passport's passport-http-bearer strategy, but it found no user with info Bearer realm="Users".
My request is a post request:
{'token':'simple_access_token',}
Any one has any idea why this error occurs? Also I know here req…

Muhammad Raihan Muhaimin
- 5,559
- 7
- 47
- 68
13
votes
1 answer
How do you implement token authentication in Flask?
I'm trying to allow users to login to my Flask app using their accounts from a separate web service. I can contact the api of this web service and receive a security token. How do I use this token to authenticate users so that they have access to…

Amerikaner
- 131
- 1
- 1
- 7
12
votes
5 answers
Get user object from token string in DRF?
I have a token string from Django REST Framework's TokenAuthentication.
I need to get the corresponding user object. How would I go about doing this?

Berry
- 2,143
- 4
- 23
- 46
11
votes
4 answers
Web Api OWIN - How to validate token on each request
I have two applications
Client application build on ASP.NET MVC
Authentication server build on Web API + OWIN
Have planned authentication as follow
For user login client app will make a request to authication server with logged in…

paul sim
- 463
- 2
- 10
- 23
11
votes
4 answers
How to modify token endpoint response body with Owin OAuth2 in Asp.Net Web API 2
I want to modify the response body from the token endpoint response.
I've tried to intercept the /Token request with a MessageHandler but it doesn't work.
I'm able to add some additional informations to the response by overriding the…

Samoji
- 305
- 2
- 3
- 11
7
votes
1 answer
Bad Request (400) when using Web API Token Authentication from Angular JS
I want to establish Web API Token Authentication with Angular JS as client. I am very new to this concept of Token Authentication inside Web API.
I do not want to use ASP.NET Identity default tables to add or authenticate user. I have my own…

simple user
- 349
- 3
- 22
- 44
7
votes
3 answers
How to avoid/fix "Auth0Lock is not defined" exception
I am trying to use the Auth0 for social login but I keep getting an exception of an undefined reference.
This is the authentication service
import { Injectable } from '@angular/core';
import { tokenNotExpired } from 'angular2-jwt';
// Avoid…

Siya Mzam
- 4,655
- 1
- 26
- 44
7
votes
1 answer
django rest framework - adding to views.obtain_auth_token
I have implemented Token Authentication with django rest framework and I can post username and password to /api-token-auth/ and get the token.
url(r'^api-token-auth/', token_views.obtain_auth_token)
In addition to the token, I want to get the User…

Ofek Agmon
- 5,040
- 14
- 57
- 101