I have an iOS app that uses an API powered by Django REST framework to store, update, and fetch data from a database. I need to provide the following two additional functionalities, which store user data at the server:
There appear to be two different authentication systems that I can use:
How should I handle this in my API?
JSON Web Token Authentication: unlike the built-in TokenAuthentication scheme, JWT authentication doesn't need to use a database to validate a token. A package for JWT authentication is djangorestframework-simplejwt, which provides some features as well as a pluggable token blacklist app.
Django comes with a user authentication system. It handles user accounts, groups, permissions and cookie-based user sessions.
Authentication is a mechanism that provides access control based on the credentials associated with incoming requests. Django REST Framework provides several authentication schemes.
Step 1: Find the phone number in the phone model. Step 2: Generate a base32 key using the base64 library. Step 3: Use the key to create a pyotp object. Step 4: Using the counter stored on the User model and the OTP code sent by the user, validate the authenticity of the user.
When you are using Django REST framework with iOS, unless you are using a browser, the standard Django authentication system is out of the question. This is exposed through the DRF authentication system as SessionAuthentication and it relies on your application being able to transfer cookies and the CSRF token with the request, which typically isn't possible.
In most situations where you are using the Django authentication system already, and you can trust your app storing passwords, you would use something like BasicAuthentication. Most people can't though, or they don't trust their application ecosystem, so they use a token-based authentication system like TokenAuthentication or OAuth2Authorization (in combination with an OAuth provider). You can read more about each authentication type in this answer on Stack Overflow.
But in your situation, you are basically restricted to just using something like OAuth 2. This is because you need to associate a user with a token, and most authentication systems require you to provide a username and password. For social accounts, this usually isn't the case, and they would not normally be able to log in. OAuth 2 works in combination with the standard Django login, so you are not restricted to just a username and password. I've written more about how this works in this detailed Stack Overflow answer.
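To make the token-based option concrete, here is an added example (not code from the question or the answer above, and not Django REST framework's own implementation). It is a self-contained stand-in that mirrors the contract of a DRF authentication class: `authenticate()` returns `None` when the `Authorization` header does not use its scheme, returns `(user, token)` on success, and raises `AuthenticationFailed` on a malformed or unknown credential. The `User` dataclass, the `TokenStore` and `authenticate_request` are assumptions made for the example; the error messages are modelled on DRF's. Unlike DRF's built-in `Token` model, the store keeps only a SHA-256 digest of each token, so a copied database table does not directly yield usable bearer tokens.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class User:
    """Constructed stand-in for a Django User record."""
    username: str
    is_active: bool = True


@dataclass
class TokenStore:
    """Constructed token store (assumed for this example).

    Keys are SHA-256 digests of the issued token, never the raw token, so a
    leaked copy of the table cannot be replayed as a bearer credential.
    """
    _by_digest: Dict[str, User] = field(default_factory=dict)

    @staticmethod
    def _digest(raw: str) -> str:
        return hashlib.sha256(raw.encode("utf-8")).hexdigest()

    def issue(self, user: User) -> str:
        # 40 hex characters, the same length DRF's Token.key uses
        raw = secrets.token_hex(20)
        self._by_digest[self._digest(raw)] = user
        return raw

    def lookup(self, raw: str) -> Optional[User]:
        # Hashing first means the dict lookup only ever compares digests;
        # its timing reveals nothing useful about the raw token.
        return self._by_digest.get(self._digest(raw))


class AuthenticationFailed(Exception):
    """Mirrors rest_framework.exceptions.AuthenticationFailed (401)."""


class TokenAuthentication:
    """Header-based scheme following DRF's BaseAuthentication contract."""
    keyword = "Token"

    def __init__(self, store: TokenStore) -> None:
        self.store = store

    def authenticate(self, headers: Dict[str, str]) -> Optional[Tuple[User, str]]:
        parts = headers.get("Authorization", "").split()
        if not parts or parts[0].lower() != self.keyword.lower():
            return None  # not our scheme; let the next authenticator try
        if len(parts) == 1:
            raise AuthenticationFailed("Invalid token header. No credentials provided.")
        if len(parts) > 2:
            raise AuthenticationFailed("Invalid token header. Token string should not contain spaces.")
        user = self.store.lookup(parts[1])
        if user is None:
            raise AuthenticationFailed("Invalid token.")
        if not user.is_active:
            raise AuthenticationFailed("User inactive or deleted.")
        return user, parts[1]


def authenticate_request(authenticators, headers: Dict[str, str]) -> Optional[Tuple[User, str]]:
    """Try each configured authenticator in order, as DRF does with
    DEFAULT_AUTHENTICATION_CLASSES; the first one that claims the request wins."""
    for authenticator in authenticators:
        result = authenticator.authenticate(headers)
        if result is not None:
            return result
    return None  # anonymous request; permission classes decide what happens next


if __name__ == "__main__":
    store = TokenStore()
    token = store.issue(User("alice"))  # issued at login, stored on the device
    user, _ = authenticate_request([TokenAuthentication(store)], {"Authorization": f"Token {token}"})
    print("authenticated as", user.username)
```

The iOS client only needs to send `Authorization: Token <key>` on each request, which is exactly the part that SessionAuthentication cannot do without cookies and a CSRF token.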