I'd also written an article on token authentication for Django: https://www.spapas.net/2021/08/25/django-token-rest-auth/ using the REST Framework's TokenAuthentication.
This is the simplest thing for most cases.
The session authentication that is proposed in the article is also great but has two problems:
* It will be hacky to implement for mobile apps (it should be possible but would not be something I'd like to do; I had tried in the past and remember that I needed to jump through a lot of hoops to "pick" that session cookie)
* The cookies can't be shared between different domains (cookies can be shared within the same domain or between a parent and child domain, i.e. api.example.com can set/get cookies from .example.com).
So you can use SessionAuthentication if your frontend and backend share their domain and you know that your API won't ever be used for mobile apps. In all other cases use TokenAuthentication.
I don't have experience with JWT Authentication, however I know it can be done and is used by various apps, e.g. Baserow: https://gitlab.com/bramw/baserow/-/blob/develop/backend/src/...
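
The cookie-scoping limit mentioned in the comment above can be checked with a small model of RFC 6265 domain matching. This is an added example, not part of the comment or of Django's code; the hostnames are constructed, and it deliberately ignores public-suffix checks, Path, Secure and SameSite.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: True if `host` domain-matches `cookie_domain`."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    # Suffix match must fall on a label boundary and never applies to IPs.
    return not _is_ip(host) and host.endswith("." + cookie_domain)

def store_cookie(setting_host, domain_attr=None):
    """Return (domain, host_only) as stored by the browser, or None if rejected.

    domain_attr models the Set-Cookie Domain attribute, which Django takes
    from SESSION_COOKIE_DOMAIN (None by default, giving a host-only cookie).
    """
    if not domain_attr:
        return (setting_host.lower(), True)
    domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
    domain = domain.lower()
    if not domain_match(setting_host, domain):
        return None  # a server cannot set a cookie for a domain it is not part of
    return (domain, False)

def cookie_sent(stored, request_host):
    """True if the stored cookie would be attached to a request for request_host."""
    if stored is None:
        return False
    domain, host_only = stored
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)

if __name__ == "__main__":
    # Constructed hostnames for illustration.
    shared = store_cookie("api.example.com", ".example.com")
    host_only = store_cookie("api.example.com")
    for target in ("app.example.com", "api.example.com", "badexample.com", "app.other.test"):
        print(target, cookie_sent(shared, target), cookie_sent(host_only, target))
    print("foreign Domain accepted:", store_cookie("api.example.com", "other.test") is not None)
```

With Django's default (no Domain attribute) the session cookie is host-only, so a frontend on a sibling subdomain never receives it unless the Domain is widened to the shared parent.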