I'm sure you may also find it challenging while implementing token authentication using the Django Rest framework. so here is the solutions that help you out to solve the issue.
2. Summary
It’s been a long I’ve been using different Python
frameworks. However, I’m more comfortable
with the Django REST framework. When you are
working with different frameworks, you might
face different sorts of chellanges. I personally
find it challenging to implement token-based
authentication in most cases. I realized that the
problem behind the challenge is not its
implementation but its actual usage. And it
seems intriguing to me, so I thought to dig
deeper into this topic.
I’m sure you may also find it challenging to use
token-based authentication in the Django REST
framework. And that’s why I would like to share
this blog post with you that concerns Django
REST framework authentication from my
personal experience.
3. Token authentication is essential to know
because the code will only proceed further if the
authentication runs smoothly. It seems like
token is a sort of key containing your identity to
open the door and begin with your journey.
In this blog, I would like to impart my
knowledge regarding how to implement token
authentication using the Django REST
framework.
4. Let me make it simple for you, Token-based
Authentication works on the exchange of
username and password for its token, which will
be used further in all the requests made to verify
that user on the server-side and to provide
permission to proceed.
Let’s read further and get through the common
challenges regarding the implementation of the
Django REST framework authentication. For
your convenience, I have divided this blogpost
into various sections to make it simpler.
Introduction
‘A Token is a key to unlock
the door of your identity
and start your journey.’
5. 1.What is the Django REST framework?
2.How to set up the REST API project?
3.How to implement Token Authentication?
4.How would a user request a Token?
5.Conclusion
Content to
cover
7. As documentation states,
Django REST framework is a powerful and
flexible toolkit for building Web APIs.
Django REST framework is considered the most
flexible and comfortable Python framework that
lets you create RESTful APIs at your ease. It
provides an easier way for data transmission
between the interface and the database. It will
separate data storage and the user interface; it
will communicate both via the .json file.
Now the question might arise why one should
choose the Django REST framework from
different Python frameworks. Here are some
reasons which would back up your choice:
1.Authentication policies include packages for
both OAuth1a and OAuth2.
2.Customizable and Flexible
3.Provides etensive usability
4.Serialization supports ORM and non-ORM
data.
5.Trusted by international companies.
9. Installation of Django and Django REST
framework.
Creation of a new project.
Navigating to the myproject folder.
Starting a new app; here myapp.
So far, we have learned about the fundamentals
of the Django REST framework and Token
Authentication. Moving ahead to the next set-up
of the REST API project.
You can skip this if you are aware of setting it
up.
pip install django
pip install djangorestframework
django-admin startproject myproject
cd myproject
django-admin startapp myapp
11. myproject/
|-- myapp/
| |-- migrations/
| |-- __init__.py
| |-- admin.py
| |-- apps.py
| |-- models.py
| |-- tests.py
| +-- views.py
|-- __init__.py
|-- settings.py
|-- urls.py
+-- wsgi.py
manage.py
Now further add the main app, which you’ve
created, and the rest_framework, which you’ve
installed to INSTALLED_APPS, which is inside
module named settings.py.
12. myproject/settings.py
INSTALLED_APPS = [
# Django Apps
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
# Third-Party Apps
'rest_framework',
# (Your project's apps)
'myproject.myapp',
]
To install the app and update the database with
this new model, it is necessary to return to the
project root, where the manage.py script is
located, and run this command for migration.
python manage.py migrate
13. I hope you are clear about the set-up and
migration part so far. Let’s proceed with creating
our first API view for testing it out.
myproject/myapp/views.py
from rest_framework.views import APIView
from rest_framework.response import
Response
class DemoView(APIView):
def get(self, request):
content = {'message': 'Hello! This is a Demo!'}
return Response(content)
14. Now the second step is to register the path.
myproject/urls.py
from django.urls import path
from myproject.myapp import views
urlpatterns = [
path('demo/', views.DemoView.as_view(),
name='demo'),
]
So, an API with one endpoint, /demo/, to
perform GET requests is ready.You can test this
API by accessing http://127.0.0.1:8000/demo/ in
your browser. You can request the response in
the form of direct JSON data using this URL
http:://127.0.0.1:8000/demo/?format=json.
15. I prefer the command line more as it is easy to
play with request headers, and if you are
comfortable using it as well, try either use cURL
or HTTPie
curl http:://127.0.0.1:8000/demo/
http http:://127.0.0.1:8000/demo/
Now, moving further with protecting this
endpoint to implement Django REST framework
authentication.
myproject/myapp/views.py
from rest_framework.views import APIView
from rest_framework.response import
Response
from rest_framework.permissions import
IsAuthenticated
16. class DemoView(APIView):
permission_classes = (IsAuthenticated,)
def get(self, request):
content = {'message': 'Hello! This is a Demo'}
return Response(content)
Try reaccessing the endpoint.
http http://127.0.0.1:8000/demo/
This time you will encounter HTTP 403
Forbidden error. You’ll need token
authentication to be done to access this; let’s get
our hands on it!
18. The implementation of Token Authentication is
quite difficult compared to other Authentication
Schemes, so be patient and digest this step by
step. So, are you ready to learn about Token
Authentication? Perfect! Proceeding further to
gain more knowledge about its implementation.
To carry through the Django REST Framework
Authentication scheme, add this in the
settings.py file to configure the authentication.
myproject/settings.py
20. I would like to draw your attention to the
difference between other authentication
schemes and the Django REST Framework
Authentication Scheme; that is, you need to add
the app to the array of INSTALLED_APPS.
Now migrate the database for creating the table
to store authentication tokens.
python manage.py migrate
After the migration is successfully done, you
need to create a user and use the manage.py
command-line utility.
python manage.py createsuperuser --username
simon --email simon@test.com
For generating the token, just in case you want
to test it, the command-line utility is most
comfortable again.
python manage.py drf_create_token simon
21. You will receive a generated token after running
the above command.
For example, let’s assume the random string
generated, which you will use for token
authentication, is
9054f7aa9305e012b3c2300408c3cddf390fcdde
Try to make one more request to our endpoint
/demo/
http http://127.0.0.1:8000/demo/
You will observe that some extra information
has been displayed on your screen. This the time
for using the token finally!
http http://127.0.0.1:8000/demo/ 'Authorization:
Token
9054f7aa9305e012b3c2300408c3cddf390fcdde'
22. Yes, that’s it! Now for your every request, you
need to use
Authorization: Token
9054f7aa9305e012b3c2300408c3cddf390fcdde
in your header part so it can be authenticated on
the server-side and proceed with the request
further.
In case you are using cURL, you should run this
command-
curl http://127.0.0.1:8000/demo/ -H
'Authorization: Token
9054f7aa9305e012b3c2300408c3cddf390fcdde'
Or if it is said to be a Python requests call, you
should follow this-
23. import requests
url = 'http://127.0.0.1:8000/demo/'
headers = {
'Authorization': 'Token
9054f7aa9305e012b3c2300408c3cddf390fcdde'
}
r = requests.get(url, headers=headers)
Or if you want to use Angular, you should use
HttpInterceptor and set your header like this-
24. import { Injectable } from '@angular/core';
import { HttpRequest, HttpHandler, HttpEvent,
HttpInterceptor } from
'@angular/common/http';
import { Observable } from 'rxjs';
@Injectable()
export class AuthInterceptor implements
HttpInterceptor {
intercept(request: HttpRequest, next:
HttpHandler): Observable> {
const user =
JSON.parse(localStorage.getItem('user'));
if (user && user.token) {
request = request.clone({
setHeaders: {
Authorization: `Token ${user.accessToken}`
}
});
}
return next.handle(request);
}
So the implementation of token-based
authentication is completed. Let’s dive deeper
into the Django REST Framework
Authentication to explore more.
26. The Django REST Framework will provide an
endpoint so that the user can request a Token
for authentication with their password and
username.
For that, please include the following route to
your urls.py
myproject/urls.py
from django.urls import path
from rest_framework.authtoken.views import
obtain_auth_token
from myproject.myapp import views
urlpatterns = [
path(demo/', views.DemoView.as_view(),
name='demo'),
path('token-auth/', obtain_auth_token,
name='api_token_auth'),
]
27. Let’s inspect our brand new endpoint
/token-auth/
http http://127.0.0.1:8000/token-auth/
It won’t handle GET requests. It will inform you
to use POST request with username and
password. Try this command.
http post http://127.0.0.1:8000/token-auth/
username=simon password=1234
28. You will get a particular token associated with
the user. Don’t forget to store the token for all
future authentication requests. Even if the
purpose of token authentication is similar, your
way of making the POST requests will depend on
which technology/framework/language you are
using. There are different suggestions for how
and where to store the token for various
applications. You can check that further and
start exploring token authentication.
29. I hope your purpose of landing on this blog post
to understand Django REST framework
authentication is served. If you are looking for
assistance with the Django REST framework and
a helping hand, then get in touch with Bacancy
Tehnology today. Our dedicated Python
developers are well-versed at offering top-of-
the-line Python development services for
mission-critical software projects.
We also let you hire Python developer from us at
your convenience, time zone, and engagement
model to get the job done. We will ensure that all
your requirements will be 100% fulfilled as client
satisfaction is our highest priority.
Conclusion