Use cookies and sessions (not JWTs) for authentication

• Baserow

  45 - - Python,JavaScript

  Open source no-code database and Airtable alternative. Create your own online database without technical experience. Performant with high volumes of data, can be self hosted and supports plugins (by bramw)

I'd also written an article on token authentication for django: https://www.spapas.net/2021/08/25/django-token-rest-auth/ using the REST Framework's TokenAuthentication.

This is simplest thing for most cases.

The session authentication that is proposed in the article is also great but has two problems:

* It will be hacky to implement for mobile apps (it should be possible but would not be something I'd like to do, I had tried in the past and remember that I needed to jump to a lot of hoops to "pick" that session cookie)

* The cookies can't be shared between different domains (cookies be shared the same domain or between a parent and child domain, i.e api.example.com can set/get cookies from .example.com).

So you can use the SessionAuthnentication if your frontend and backend share their domain and you know that your API won't ever be used for mobiles apps. On all other cases use TokenAuthentication.

I don't have experience with JWT Authentication, however I know it can be done and is used be various apps f.e baserow: https://gitlab.com/bramw/baserow/-/blob/develop/backend/src/...

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

Suggest a related project