Dino Geek, try to help you

How to implement token-based authentication in Django?


Implementing token-based authentication in Django involves several steps, including creating and configuring a token model, setting up the authentication middleware, generating tokens, and using them in requests. Here is how you could do it:

1. Install and Import Django REST Framework: The Django REST framework is an essential tool for token-based authentication. If not already installed, you may install it using pip:
```
pip install djangorestframework
```

2. Token Model and Settings: First, include the Django REST framework in the installed apps and default authentication classes as follows:
```python
INSTALLED_APPS = [ … ‘rest_framework’,
]

REST_FRAMEWORK = { ‘DEFAULT_AUTHENTICATION_CLASSES’: [ ‘rest_framework.authentication.TokenAuthentication’, ],
}
```

1. Generate a Token for a User: Once you have configured your application for token authentication, you need to generate a token for each user. Here, you use Django’s signals, which are triggered after a model’s save method has been called. Django provides a pre-configured token model and a signal for creating a token every time a user is created. This can be achieved as follows:
```
from django.dispatch import receiver
from django.db.models.signals import post_save
from django.contrib.auth.models import User
from rest_framework.authtoken.models import Token

@receiver(post_save, sender=User)
def create_auth_token(sender, instance=None, created=False, **kwargs): if created: Token.objects.create(user=instance)
```

1. Using a Token in a Request: After a token has been created, it can be included in the authentication header to authenticate a user for a given request. The token should be prefixed with the string literal “Token”, followed by whitespace and the key itself. Like this:
```
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
```

1. Middleware and View: Lastly, make sure that `‘django.middleware.csrf.CsrfViewMiddleware’` is included in your MIDDLEWARE to ensure that the user is authenticated for every view using the `@permission_classes` decorator with an `IsAuthenticated` parameter, to enforce the authentication at the view level.
```
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated

api_view(['GET']) permission_classes([IsAuthenticated])
def example_view(request, format=None): content = { ‘user’: str(request.user), ‘auth’: str(request.auth), } return Response(content)
```

To sum up, by leveraging Django REST framework, the token-based authentication procedure can be implemented systemically in Django.

Sources:
- Django REST Framework Documentation (https://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication)
- Django Documentation (https://docs.djangoproject.com/en/3.1/topics/signals/)
- DjangoCon US (https://2014.djangocon.us/news/security-bulletin-1/)
- Django for API (https://djangoforapis.com/library-website-and-api/#authenticationpermissions)


Simply generate articles to optimize your SEO
Simply generate articles to optimize your SEO





DinoGeek offers simple articles on complex technologies

Would you like to be quoted in this article? It's very simple, contact us at dino@eiki.fr

CSS | NodeJS | DNS | DMARC | MAPI | NNTP | htaccess | PHP | HTTPS | Drupal | WEB3 | LLM | Wordpress | TLD | Domain name | IMAP | TCP | NFT | MariaDB | FTP | Zigbee | NMAP | SNMP | SEO | E-Mail | LXC | HTTP | MangoDB | SFTP | RAG | SSH | HTML | ChatGPT API | OSPF | JavaScript | Docker | OpenVZ | ChatGPT | VPS | ZIMBRA | SPF | UDP | Joomla | IPV6 | BGP | Django | Reactjs | DKIM | VMWare | RSYNC | Python | TFTP | Webdav | FAAS | Apache | IPV4 | LDAP | POP3 | SMTP

| Whispers of love (API) | Déclaration d'Amour |






Legal Notice / General Conditions of Use