Django,Angular,& DRF:认证到Django后端与API [英] Django, Angular, & DRF: Authentication to Django backend vs. API
问题描述
由于所有用户数据将通过API进行检索或提交,API API认证是否足够?如果是这样,我需要删除现有的Django身份验证中间件吗?
现在,当我尝试在早期版本的应用程序中点击API端点时,我指向什么看起来像正常的Django登录表单。如果输入了有效的用户名和密码,则不起作用 - 仅提示再次登录。删除基本的Django身份验证会阻止这一点吗?我想被提示登录,但是我不知道如何使用这些技术来处理。
包django-rest-auth似乎很有用,同样的组成一个角度的模块 - 但文档不会过去安装和提供的端点。最终,我认为这个问题的核心是:如何将身份验证从Django提供的内容转换为django-rest-auth或DRF推荐的其他第三方软件之一呢?
编辑:我在下面提到了这个评论,但我意识到我需要弄清楚auth是如何工作的。我没有构建一个单一的页面应用程序,所以单独的基本页面将从Django提供,但是每个页面都将触发各种API端点来检索所需的数据。有没有办法像django-rest-auth handle 所有认证?
任何人绊倒这个问题,我不知道如何使混合方式工作。让Django提供每个包含API调用的页面似乎都可以,但是我从来没有看到任何对API的请求 - 我认为是由于其他一些安全问题。我确定这是可能的,但我决定去单独的页面应用程序实现,以使事情更简单。
I'm building an app with a Django backend, Angular frontend, and a REST API using Django REST Framework for Angular to consume. When I was still working out backend stuff with a vanilla frontend, I used the provided Django authentication to handle user auth- but now that I'm creating a REST based app, I'm not sure how to approach authentication.
Since all user data will be either retrieved or submitted via the API, should API authentication be enough? If so, do I need to remove the existing Django authentication middleware?
Right now, when I try to hit API endpoints on an early version of the app, I'm directed to what looks like the normal Django login form. If I enter a valid username and password, it doesn't work- just prompts to login again. Would removing the basic Django authentication prevent this? I want to be prompted to login, however I'm not sure how to handle that with these technologies.
The package django-rest-auth seems useful, and the same group makes an Angular module- but the docs don't go much past installation and the provided endpoints. Ultimately, I think the core of this question is: how do I entirely switch authentication away from what's provided by Django to something like django-rest-auth or one of the other 3rd party packages recommended by DRF?
edit: I made this comment below, but I realized that I need to figure out how combined auth will work. I'm not building a single page app, so individual basic pages will be served from Django, but each page will hit various API endpoints to retrieve the data it needs. Is there a way to have something like django-rest-auth handle all authentication?
To anyone that stumbles onto this question, I couldn't figure out how to make the hybrid approach work. Having Django serve pages that each contained API calls seemed OK, but I never saw any requests made to the API- I believe due to some other security issues. I'm sure it's possible, but I decided to go for the single page app implementation after all to make things simpler.
这篇关于Django,Angular,& DRF:认证到Django后端与API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
