How to create Token Based Authentication in Django Rest Framework — Part 1

ArRosid
Oct 19, 2019

In the previous stories, I have already talked a lot about Django Rest Framework.

Now, in this story, I will show you how to create Auth Token Authentication in Django Rest Framework. We will use the project from the previous story; you can clone it from my GitHub: https://github.com/ArRosid/learn-def

Okay, let’s start. In the last story about ViewSets in Django, we had our views.py like this:

from rest_framework import viewsets
from . import models
from . import serializers


class ArticleViewSet(viewsets.ModelViewSet):
    serializer_class = serializers.ArticleSerializer
    queryset = models.Article.objects.all()

Now let’s edit this view to add permission_classes, so that users who are not logged in can’t access the API.

from rest_framework import viewsets
from . import models
from . import serializers
from rest_framework.permissions import IsAuthenticated


class ArticleViewSet(viewsets.ModelViewSet):
    serializer_class = serializers.ArticleSerializer
    queryset = models.Article.objects.all()
    permission_classes = [IsAuthenticated,]

Now let’s access the API from our browser.

Okay, now we get 403 Forbidden: Authentication credentials were not provided.

Let’s create Auth Token Authentication. First, edit the settings.py file:

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'app',
    'rest_framework',
    'rest_framework.authtoken'
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ],
}

Now let’s migrate our project

Ahmads-MacBook-Air:$ python manage.py migrate
Operations to perform:
Apply all migrations: admin, app, auth, authtoken, contenttypes, sessions
Running migrations:
Applying authtoken.0001_initial... OK
Applying authtoken.0002_auto_20160226_1747... OK

Let’s create a user

Ahmads-MacBook-Air:$ python manage.py createsuperuser
Username (leave blank to use 'arrosid'): admin
Email address:
Password:
Password (again):
This password is too common.
Bypass password validation and create user anyway? [y/N]: y
Superuser created successfully.

Now let’s try to create a token for the user admin

Ahmads-MacBook-Air:$ python manage.py drf_create_token admin
Generated token 0c5f18467d0c3aa54630e2c9442c2a014b648e95 for user admin

Okay, we get a token for the admin user. Let’s use it.

Here I use the chropath extension in Google Chrome. Here is what we get:

If we disable chropath, we get output like this:

OK Cool!!!
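What the two browser checks above exercise is the request header: a client presents the token as `Authorization: Token <key>`. The following is an added example, not code from the original post or from Django Rest Framework itself: a plain-Python model of the header rules TokenAuthentication applies, run against the token generated above. The `TOKENS` dict and the function names are assumptions made for illustration.

```python
KEYWORD = "Token"  # scheme keyword DRF's TokenAuthentication expects

# Sample store (key -> username), using the token generated above.
# DRF itself keeps tokens in the database table created by the authtoken migration.
TOKENS = {"0c5f18467d0c3aa54630e2c9442c2a014b648e95": "admin"}


def authenticate(headers, tokens=TOKENS):
    """Return (username, error). (None, None) means no token credentials were sent."""
    parts = headers.get("Authorization", "").split()
    if not parts or parts[0].lower() != KEYWORD.lower():
        # No header, or another scheme such as Bearer: the request stays anonymous.
        return None, None
    if len(parts) == 1:
        return None, "Invalid token header. No credentials provided."
    if len(parts) > 2:
        return None, "Invalid token header. Token string should not contain spaces."
    user = tokens.get(parts[1])
    if user is None:
        return None, "Invalid token."
    return user, None


def is_authenticated(headers):
    """Model of the IsAuthenticated permission: only a resolved user passes."""
    user, _error = authenticate(headers)
    return user is not None


if __name__ == "__main__":
    samples = [
        {"Authorization": "Token 0c5f18467d0c3aa54630e2c9442c2a014b648e95"},
        {},                                   # header removed
        {"Authorization": "Bearer 0c5f18467d0c3aa54630e2c9442c2a014b648e95"},
        {"Authorization": "Token"},           # keyword without a key
        {"Authorization": "Token not-a-real-key"},
    ]
    for headers in samples:
        print(headers, "->", authenticate(headers), is_authenticated(headers))
```
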

I think this is the end of this story. In the next story, we will create an API for the login system. You can always clone the project from my GitHub: https://github.com/ArRosid/learn-def

See you in the next awesome story! Stay tuned!!