How to create Token Based Authentication in Django Rest Framework — Part 1
In the previous stories, I have already talked a lot about Django Rest Framework.
- Simple Rest API using Django Rest Framework
- CRUD in Django Rest Framework — Part 1
- CRUD in Django Rest Framework — Part 2
- Validation in Django Rest Framework Serializers
- Introduction to GenericAPIView in Django Rest Framework
- Introduction to Viewset Django Rest Framework
Now, in this story, I will show you how to create Auth Token Authentication in Django Rest Framework. We will use the project from the previous story; you can clone it from my GitHub: https://github.com/ArRosid/learn-def
Okay, let’s start. In the last story about Viewset in Django, our views.py looked like this:
from rest_framework import viewsets
from . import models
from . import serializers


class ArticleViewSet(viewsets.ModelViewSet):
    # Full CRUD for Article through a single viewset
    serializer_class = serializers.ArticleSerializer
    queryset = models.Article.objects.all()
Now let’s edit this view to add permission_classes, so that a user who is not logged in yet can’t access the API.
from rest_framework import viewsets
from . import models
from . import serializers
from rest_framework.permissions import IsAuthenticated


class ArticleViewSet(viewsets.ModelViewSet):
    serializer_class = serializers.ArticleSerializer
    queryset = models.Article.objects.all()
    # Reject every request that does not carry valid credentials
    permission_classes = [IsAuthenticated]
Now let’s access the API from our browser
Okay, now we get 403 Forbidden: "Authentication credentials were not provided."
Let’s create Auth Token Authentication. First, edit the settings.py file:
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'app',
    'rest_framework',
    # Adds the Token model and the drf_create_token management command
    'rest_framework.authtoken',
]

REST_FRAMEWORK = {
    # Authenticate API requests by the token sent in the Authorization header
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ],
}
Now let’s migrate our project
Ahmads-MacBook-Air:$ python manage.py migrate
Operations to perform:
Apply all migrations: admin, app, auth, authtoken, contenttypes, sessions
Running migrations:
Applying authtoken.0001_initial... OK
Applying authtoken.0002_auto_20160226_1747... OK
Let’s create a user
Ahmads-MacBook-Air:$ python manage.py createsuperuser
Username (leave blank to use 'arrosid'): admin
Email address:
Password:
Password (again):
This password is too common.
Bypass password validation and create user anyway? [y/N]: y
Superuser created successfully.
Now let’s try to create a token for the user admin
Ahmads-MacBook-Air:$ python manage.py drf_create_token admin
Generated token 0c5f18467d0c3aa54630e2c9442c2a014b648e95 for user admin
Okay, we got a token for the admin user. Let’s use it.
Here I use the chropath extension in Google Chrome. Here is what we will get:
If we disable chropath, we will get output like this:
OK Cool!!!
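The token reaches the API in a request header of the form "Authorization: Token <key>". The following is an added example, not code from the original story or from Django Rest Framework itself: it builds that header on the client side and models, in simplified form, how TokenAuthentication reads it. The URL, the sample token and the helper names are assumptions made for illustration.

```python
import urllib.request

KEYWORD = "Token"  # scheme word that TokenAuthentication expects before the key


class AuthenticationFailed(Exception):
    """Stand-in for rest_framework.exceptions.AuthenticationFailed."""


def build_request(url, token):
    """Client side: attach the token as the Authorization header."""
    return urllib.request.Request(url, headers={"Authorization": f"{KEYWORD} {token}"})


def parse_token_header(header_value):
    """Server side (simplified model): return the key, None, or raise.

    None means the header is not meant for token authentication, so the
    request stays anonymous and IsAuthenticated rejects it.
    """
    parts = header_value.split()
    if not parts or parts[0].lower() != KEYWORD.lower():
        return None
    if len(parts) == 1:
        raise AuthenticationFailed("Invalid token header. No credentials provided.")
    if len(parts) > 2:
        raise AuthenticationFailed("Invalid token header. Token string should not contain spaces.")
    return parts[1]


def classify(header_value):
    """Summarise the outcome for one Authorization header value."""
    try:
        key = parse_token_header(header_value)
    except AuthenticationFailed as exc:
        return f"rejected: {exc}"
    # Show only a prefix so the full key never ends up in console output
    return "anonymous" if key is None else f"look up key {key[:4]}..."


if __name__ == "__main__":
    sample = "0123456789abcdef0123456789abcdef01234567"  # constructed, not a real token
    req = build_request("http://127.0.0.1:8000/", sample)  # assumed dev-server URL
    for value in (req.get_header("Authorization"), f"Bearer {sample}", "Token", f"Token {sample} x", ""):
        print(repr(value[:20]), "->", classify(value))
```

A header that uses another scheme word, such as "Bearer", is treated the same as no header at all, which is why the request is refused even though the key itself is valid.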
I think this is the end of this story. In the next story, we will create an API for the login system. You can always clone the project from my GitHub: https://github.com/ArRosid/learn-def
See you in the next awesome story! Stay tuned!!