

Django REST Framework (DRF) is an excellent tool for building APIs in Django. It comes with authentication classes that help you build secure APIs without spending a lot of time on the plumbing. DRF ships with several default authentication classes: BasicAuthentication, SessionAuthentication, and TokenAuthentication, to name a few.

Token-based authentication is the preferred way to implement authentication in modern APIs. In this mechanism, the server generates a token for the authenticated user, and the client sends that token with every HTTP request to identify itself. DRF's default TokenAuthentication class is a very basic version of this approach: it generates one random token per user and stores it in the database. While TokenAuthentication is fine for server-to-server communication, it does not play well with modern Single Page Applications. In the usual setup the logout view deletes the user's token and the next login generates a new one, and because there is only one token per user, logging out on one device invalidates the session on every other device as well. This makes multi-device logins a pain. One way around this is to never delete the token on logout, but that is not recommended: a token that is never invalidated stays valid indefinitely if it ever leaks.

JWT, short for JSON Web Token, is an open standard (RFC 7519) for communicating authorization details between server and client. Unlike TokenAuthentication, where the token is a random string and the authentication details live on the server, a JWT is self-contained: it carries all the information the server needs to authenticate the client, so the server does not have to store anything per token. All it needs is the key to verify the token's signature. The flip side of that statelessness is that a JWT cannot be revoked before it expires unless you reintroduce some server-side state, such as a blocklist, or keep access tokens short-lived and pair them with refresh tokens.
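To make the contrast between a stored opaque token and a self-contained JWT concrete, here is an added example in plain Python; it is not code from this article or from Django REST Framework. The `OpaqueTokenStore` class is an in-memory stand-in for DRF's authtoken table, and `jwt_encode`/`jwt_decode` are a minimal HS256 mint-and-verify pair written for this illustration. The class and function names, the signing key and the sample user are assumptions made for the example; in a real project use a maintained library such as PyJWT or djangorestframework-simplejwt rather than hand-rolling JWT handling.

```python
"""Opaque DB-backed tokens versus self-contained JWTs (HS256), side by side.

Added illustration, not DRF's own code. The opaque store mimics DRF's
authtoken table; the JWT helpers are a minimal HS256 implementation
written only to show what the server must (and need not) keep.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time


class OpaqueTokenStore:
    """Stateful scheme: a random token means nothing on its own, so the
    server must keep a row mapping it to a user and look it up per request."""

    def __init__(self):
        self._tokens = {}  # token -> username (one row per user, like DRF's Token model)

    def issue(self, username):
        # One token per user: a second login reuses the existing token.
        for token, user in self._tokens.items():
            if user == username:
                return token
        token = secrets.token_hex(20)  # 40 hex chars, the length DRF's tokens have
        self._tokens[token] = username
        return token

    def authenticate(self, token):
        # Returns the username, or None if the token is unknown or was revoked.
        return self._tokens.get(token)

    def revoke(self, token):
        # Deleting the single row logs the user out on every device at once.
        self._tokens.pop(token, None)


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_encode(claims, key):
    """Mint an HS256 JWT: base64url(header).base64url(claims).base64url(HMAC)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def jwt_decode(token, key, now=None):
    """Verify a JWT and return its claims. Raises ValueError on any failure.

    The only server-side state involved is `key`; nothing per token is
    stored, which is exactly why a JWT cannot be revoked before `exp`.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm server-side; trusting the header's "alg" is how
    # "alg": "none" and key-confusion bypasses happen.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, (header_b64 + "." + claims_b64).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    current = time.time() if now is None else now
    if "exp" in claims and current >= claims["exp"]:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    store = OpaqueTokenStore()
    tok = store.issue("alice")            # constructed sample user
    print("opaque lookup:", store.authenticate(tok))
    store.revoke(tok)
    print("after revoke:", store.authenticate(tok))

    key = b"example-signing-key"          # assumption: the server's HS256 secret
    jwt = jwt_encode({"sub": "alice", "exp": int(time.time()) + 300}, key)
    print("jwt claims:", jwt_decode(jwt, key))
```

Note where the two schemes differ: revoking an opaque token is a one-line delete, but every request costs a lookup; verifying a JWT costs only an HMAC, but once minted it stays valid until `exp`, and the verifier must pin the algorithm rather than read it from the token.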
