如何在django-rest-framework中使用TokenAuthentication for API [英] How to use TokenAuthentication for API in django-rest-framework

问题描述

我有一个django项目，使用django-rest-framework创建api。

想要使用令牌库认证系统，所以api调用（put，post，

我安装了'rest_framework.authtoken'并为每个用户创建了令牌。

所以，现在从django.contrib.auth.backends认证，它返回用户，用auth_token作为属性。 （当成功挂起）。

现在我的问题是如何将发送请求的令牌发送到我的api和
在api侧如何验证如果令牌有效并且属于正确的用户？

app rest_framework.authtoken中是否有任何方法验证给定的用户及其令牌？
未找到此非常有用！

更新（我做的更改）：
在我的settings.py中添加了这个：

  REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES'：（
'rest_framework.authentication.BasicAuthentication'，
'rest_framework.authentication.SessionAuthentication'，
'rest_framework.authentication.TokenAuthentication'，
）
} 
  

还在我的标题中发送令牌，但仍然无法工作：

$ b

  if new_form.is_valid：
 payload = {createNewUser：
 {users：request.POST [newusers]，
email：request.POST [newemail] 
} 
} 
 
 headers = {'content-type'：' application / json'，
'Authorization'：'Token 6b929e47f27806 8fe6ac8235cda09707a3aa7ba1'} 
 
r = requests.post（'http：// localhost：8000 / api / v1.0 / user_list'，
 data = json.dumps（payload），
 headers = headers，verify = False）
  

解决方案

如何将发送请求的令牌发送到我的api

从文档...

对于客户端进行身份验证，令牌密钥应包含在授权HTTP头中。密钥应以字符串文字令牌为前缀，空格分隔两个字符串。例如：

 授权：Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b 
  

在api侧如何验证令牌是否有效并且属于正确的用户？

你不需要做任何事情，只需访问 request.user 返回经过身份验证的用户 - REST框架将处理返回'401未经授权'对任何不正确的认证作出回应。

I have a django project, using django-rest-framework to create api.

Want to use token base authentication system so api call for (put, post, delete) will only execute for authorized user.

I installed 'rest_framework.authtoken' and created token for each users.

So, now from django.contrib.auth.backends authenticate, it returns user, with auth_token as attribute. (when loged in successfully).

Now my question is how can I send the token with post request to my api and at api side how can I verify if token is valid and belongs to the correct user?

Are there any methods in app rest_framework.authtoken to validate given user and its token? not found this very useful!

Update (changes I made): Added this in my settings.py:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    )
}

Also sending Token in my header but its still not working:

if new_form.is_valid:
    payload= {"createNewUser":
              { "users": request.POST["newusers"],
                "email": request.POST["newemail"]
                }
              }

    headers =  {'content-type' : 'application/json', 
                'Authorization': 'Token 6b929e47f278068fe6ac8235cda09707a3aa7ba1'}

    r = requests.post('http://localhost:8000/api/v1.0/user_list',
                      data=json.dumps(payload),
                      headers=headers, verify=False)

解决方案

"how can I send the token with post request to my api"

From the docs...

For clients to authenticate, the token key should be included in the Authorization HTTP header. The key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:

Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b

"at api side how can I verify if token is valid and belongs to the correct user?"

You don't need to do anything, just access request.user to return the authenticated user - REST framework will deal with returning a '401 Unauthorized' response to any incorrect authentication.

这篇关于如何在django-rest-framework中使用TokenAuthentication for API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！