
Django Rest Framework custom authentication

Django rest framework: Custom Authentication

I want to use custom authentication in my Django app but cannot find how to apply this. The example given in the documentation is clear to me but they did not mention where to create this new class and how to use this.

Arbaz Rizvi asked Sep 29 '15 13:09




1 Answer

How to implement a custom authentication scheme in DRF?

To implement a custom authentication scheme, we need to subclass the DRF's BaseAuthentication class and override the .authenticate(self, request) method.

The method should return a two-tuple of (user, auth) if authentication succeeds, or None otherwise. In some circumstances, we may raise an AuthenticationFailed exception from the .authenticate() method.

Example (from DRF docs):

Let's say we want to authenticate any incoming request as the user given by the username in a custom request header named 'X_USERNAME'.

Step-1: Create the Custom authentication class

To do that, we will create an authentication.py file in my_app.

```python
# my_app/authentication.py
from django.contrib.auth.models import User
from rest_framework import authentication
from rest_framework import exceptions


class ExampleAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        # Django exposes the X-Username request header as META['HTTP_X_USERNAME']
        username = request.META.get('HTTP_X_USERNAME')  # get the username request header
        if not username:  # no username passed in request headers
            return None  # authentication did not succeed

        try:
            user = User.objects.get(username=username)  # get the user
        except User.DoesNotExist:
            raise exceptions.AuthenticationFailed('No such user')  # raise exception if user does not exist

        return (user, None)  # authentication successful
```

Step-2: Specify the custom authentication class

After creating the custom authentication class, we need to define this authentication class in our DRF settings. Doing this, all the requests will be authenticated based on this authentication scheme.

```python
# settings.py
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'my_app.authentication.ExampleAuthentication',  # custom authentication class
        ...
    ),
}
```

Note: If you want to use this custom authentication class on a per-view or per-viewset basis and not at the global level, you can define this authentication class explicitly in your views.

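```python
from rest_framework.views import APIView

from my_app.authentication import ExampleAuthentication


class MyView(APIView):
    authentication_classes = (ExampleAuthentication,)  # specify this authentication class in your view
    ...
```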
Rahul Gupta answered Oct 03 '22 01:10
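Added example, not part of the answer above or of the DRF docs: the answer's class accepts whatever username the header carries, so this version of the same `authenticate()` contract also requires an HMAC signature over the username and a timestamp. The `X-Timestamp` and `X-Signature` headers, `SECRETS`, `MAX_SKEW`, `sign()` and the `now` parameter are assumptions for illustration, and it returns the username where a real class would return the `User` object.

```python
import hashlib
import hmac
import time

try:  # use DRF's real base class and exception when installed
    from rest_framework.authentication import BaseAuthentication
    from rest_framework.exceptions import AuthenticationFailed
except Exception:  # stand-ins so the example also runs without DRF
    class BaseAuthentication:
        pass

    class AuthenticationFailed(Exception):
        pass

# Constructed sample secret; a real project loads these from its credential store.
SECRETS = {"alice": b"constructed-demo-secret"}
MAX_SKEW = 300  # seconds a signed request stays valid (assumed value)


def sign(secret, username, timestamp):
    """HMAC-SHA256 over 'username:timestamp', hex encoded."""
    msg = f"{username}:{timestamp}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class SignedHeaderAuthentication(BaseAuthentication):
    def authenticate_header(self, request):
        # Returning a value makes DRF answer 401 rather than 403 on failure.
        return "SignedHeader"

    def authenticate(self, request, now=None):
        meta = request.META
        username = meta.get("HTTP_X_USERNAME")  # X-Username header
        if not username:
            return None  # scheme not attempted; other classes may still run
        stamp = meta.get("HTTP_X_TIMESTAMP", "")
        given = meta.get("HTTP_X_SIGNATURE", "")
        secret = SECRETS.get(username)
        # Same message for every failure, so errors do not reveal valid usernames.
        if secret is None or not stamp.isdecimal():
            raise AuthenticationFailed("Invalid credentials")
        if abs((time.time() if now is None else now) - int(stamp)) > MAX_SKEW:
            raise AuthenticationFailed("Invalid credentials")
        expected = sign(secret, username, stamp)
        if not hmac.compare_digest(expected.encode(), given.encode()):
            raise AuthenticationFailed("Invalid credentials")
        return (username, None)  # a real class returns the User object here
```

DRF calls `authenticate(request)` with the request only; `now` exists so the freshness check can be tested with a fixed clock.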