As of now, I have a Django REST API and everything is hunky dory for the web app, wherein I have implemented User Auth in the backend. The "login_required" condition serves well for the web app, which is cookie based.
I have an Android app now that needs to access the same API. I am able to sign in the user. What I need to know is how to authenticate every user when they make GET/POST requests to my views?
My research shows a couple of solutions:
1) Cookie-backed sessions
2) Send username and password with every GET/POST request (might not be secure)
Any ideas?
It sounds like you're using Django REST Framework, in which case TokenAuthentication might be suitable. From the docs:
"This authentication scheme uses a simple token-based HTTP Authentication scheme. Token authentication is appropriate for client-server setups, such as native desktop and mobile clients."
You don't need to pre-generate the tokens as clients can ask for one using the built-in view obtain_auth_token, which you configure in your urls.py.
Once the client has obtained the token for the session they can provide it on subsequent API calls using the Authorization: HTTP header.
Check out the docs for more info: http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication
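To make the two steps in the answer concrete, here is a standard-library Python model of the flow: credentials are exchanged once for a random token, and every later request is checked from its "Authorization: Token <key>" header, including the malformed and revoked cases. This is an added example, not part of the original answer and not Django REST Framework's own code; the user store, function names and sample password are constructed for illustration, and keeping only a hash of each token server-side is a choice made in this sketch.

```python
import hashlib
import hmac
import secrets


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: username -> (salt, password hash).
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}
# sha256(token) -> username; the raw token is held only by the client.
TOKENS = {}


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def obtain_token(username: str, password: str):
    """Login step: exchange credentials once for a random token, or None."""
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    # Hash even for unknown users so both failure paths do the same work.
    candidate = _hash_password(password, salt)
    if not hmac.compare_digest(candidate, stored):
        return None
    token = secrets.token_hex(20)  # 40 hex characters from the OS CSPRNG
    TOKENS[_digest(token)] = username
    return token


def authenticate(headers: dict):
    """Per-request step: username for a valid header, None otherwise."""
    parts = headers.get("Authorization", "").split()
    # Require exactly "<scheme> <key>" with the Token scheme.
    if len(parts) != 2 or parts[0].lower() != "token":
        return None
    return TOKENS.get(_digest(parts[1]))


def revoke(token: str) -> None:
    """Logout or suspected leak: later requests with this token fail."""
    TOKENS.pop(_digest(token), None)


if __name__ == "__main__":
    t = obtain_token("alice", "correct horse")
    print(authenticate({"Authorization": f"Token {t}"}))
    revoke(t)
    print(authenticate({"Authorization": f"Token {t}"}))
```

The password crosses the network only once, at login, and a leaked token can be revoked without changing the password; the token is still a bearer credential, so the API should be served over HTTPS only.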