使用Django Rest Framework和IOS应用程序时要使用哪个身份验证？ [英] Which authentication to be used when using Django Rest Framework and IOS app?

问题描述

我有一个iOS应用程序，它使用由Django REST框架提供的API来存储，更新，从数据库中获取数据。我需要提供两个以下的功能，将服务器上的用户数据存储起来：

1. 使用电子邮件登录


2. 使用Facebook登录

似乎有两种不同的身份验证系统可供使用：

1. Django用户验证系统


2. Django Rest Framework认证

我应该如何处理我的API？

解决方案

当您在iOS中使用Django REST框架时，除非您使用浏览器，否则标准的Django身份验证系统是不成问题的。这通过 DRF身份验证系统显示为 SessionAuthentication ，它依赖于您的应用程序能够通过请求传输cookie和CSRF令牌，这通常是不可能的。

在大多数情况下已经使用了Django身份验证系统，您可以信任您的应用程序存储密码，您可以使用类似 BasicAuthentiction 。大多数人不可能，或者他们不信任他们的应用程序生态系统，所以他们使用基于令牌的身份验证系统像 TokenAuthentication 或 OAuth2授权 （组合）。您可以在Stack Overflow的这个答案中阅读更多关于每种认证类型的信息。

但在您的情况中，您基本上仅限于使用类似OAuth 2 的内容。这是因为您需要将用户与令牌相关联，大多数身份验证系统需要您提供用户名和密码。对于社交帐户，通常情况并非如此，通常情况下通常不能登录。OAuth 2与标准Django登录结合使用，因此您不仅仅限于使用用户名和密码。我已经在这个详细的堆栈溢出回答中写了更多关于它的作用。

I have an iOS app that uses an API powered by Django REST framework to store, update, fetch data from a database. I need to provide the two more following functionalities which stores the user data at the server:

1. Login with Email
2. Login with Facebook

There appears to be two different authentication systems that I can use:

1. Django User Authentication System
2. Django Rest Framework Authentication

How should I handle this in my API?

解决方案

When you are using Django REST framework with iOS, unless you are using a browser, the standard Django authentication system is out of the question. This is exposed through the DRF authentication system as SessionAuthentication and it relies on your application being able to transfer cookies and the CSRF token with the request, which typically isn't possible.

In most situations where you are using the Django authentication system already, and you can trust your app storing passwords, you would use something like BasicAuthentiction. Most people can't though, or they don't trust their application ecosystem, so they use a token-based authentication system like TokenAuthentication or OAuth2Authorization (in combination with an OAuth provider). You can read more about each authentication type in this answer on Stack Overflow.

But in your situation, you are basically restricted to just using something like OAuth 2. This is because you need to associate a user with a token, and most authentication systems require you to provide a username and password. For social accounts, this usually isn't the case, and they would not normally be able to log in. OAuth 2 works in combination with the standard Django login, so you are not restricted to just a username and password. I've written more about how this works in this detailed Stack Overflow answer.

这篇关于使用Django Rest Framework和IOS应用程序时要使用哪个身份验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！