Security Token Authentication Django Rest Framework

0

Good people, I'm using DRF (I'm a newbie, haha) to put together a small API. The problem comes in authentication... Thinking of expanding my API to use it in a mobile app in the future, I've been wanting to use token authentication. It's all working fine, but I do not know where to save the token in a web application. Saving the token in a cookie does not seem safe to me :/ I wondered how best to save the token in a web application. Would it be better to create a mobile (token) and a web (session and cookie) API? Thanks in advance :D

    
asked by anonymous 23.09.2016 / 16:01

1 answer

1

I suggest using SessionAuthentication for the web version and TokenAuthentication for the mobile version, since it is possible to use more than one authentication scheme because of the way authentication is determined. DRF itself uses SessionAuthentication in its BrowsableApi; here it adds rest_framework.urls, which points to Django's login and logout views.

    
24.09.2016 / 20:02