Django Rest框架令牌认证 [英] Django Rest Framework Token Authentication

问题描述

我已经阅读了Django Rest框架指南，并完成了所有的教程。一切似乎都是有道理的，它应该如何工作。我有基本和会话认证工作的描述。
http://django-rest-framework.org/api-guide

然而，我正在努力与文档的令牌认证部分，它有点缺乏或没有深入到教程中。

http://django-rest-framework.org/api-guide / authentication /＃tokenauthentication

它表示我需要为用户创建令牌，但是确定在models.py？

我的问题是：

有人可以在第一个定时器中更好地解释文档的令牌认证部分吗？

解决方案

不，不在你的models.py - 在模型方面的事情，所有你需要做的是包括适当的应用程序（<$您的 INSTALLED_APPS 中的c $ c> rest_framework.authtoken 。这将提供一个外部键入用户的令牌模型。

您需要做的是决定何时以及如何创建这些令牌对象。在您的应用程序中，每个用户是否自动获取令牌？还是只有某些授权用户？或者只有当他们专门请求一个？

如果每个用户都应该有一个令牌，那么在链接的页面上有一段代码，显示如何设置自动创建一个信号：

  @receiver（post_save，sender = User）
 def create_auth_token（sender， instance = None，created = False，** kwargs）：
如果创建：
 Token.objects.create（user = instance）
  

（put this 在models.py文件中，任何地方，当Django线程启动时，它将被注册）

如果令牌只能在特定时间创建，那么在您的查看代码中，您需要在适当的时间创建并保存令牌：

import $ f code $ c


def token_request（request）：
如果user_requested_token（）和token_request_is_warranted（）：
new_token = Token.objects.create（user = request.use r）

一旦创建（并保存）令牌，它将可用于身份验证。 p>

I have read the Django Rest Framework Guides and done all the tutorials. Everything seemed to make sense and work just how it should. I got basic and session authentication working as described. http://django-rest-framework.org/api-guide

However, I'm struggling with the Token Authentication part of the documentation, its a little lacking or does not go into as much depth as the tutorials.
http://django-rest-framework.org/api-guide/authentication/#tokenauthentication

It says I need to create tokens for users but does state where, in models.py?

My question is:

Can someone explain the Token Authentication part of the documentation a little better for a first timer?

解决方案

No, not in your models.py -- on the models side of things, all you need to do is include the appropriate app (rest_framework.authtoken) in your INSTALLED_APPS. That will provide a Token model which is foreign-keyed to User.

What you need to do is decide when and how those token objects should be created. In your app, does every user automatically get a token? Or only certain authorized users? Or only when they specifically request one?

If every user should always have a token, there is a snippet of code on the page you linked to that shows you how to set up a signal to create them automatically:

@receiver(post_save, sender=User)
def create_auth_token(sender, instance=None, created=False, **kwargs):
    if created:
        Token.objects.create(user=instance)

(put this in a models.py file, anywhere, and it will be registered when a Django thread starts up)

If tokens should only be created at certain times, then in your view code, you need to create and save the token at the appropriate time:

# View Pseudocode
from rest_framework.authtoken.models import Token

def token_request(request):
    if user_requested_token() and token_request_is_warranted():
        new_token = Token.objects.create(user=request.user)

Once the token is created (and saved), it will be usable for authentication.

这篇关于Django Rest框架令牌认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！