🐻 Token Authentication and CORS 🐻
Posted on May 31st, 2022
Today’s Topics
- Token authentication in DRF with Djoser
- CORS headers
🎯 Collaborative Project
Work with your team. Tonight, plan out your models – please draw a diagram! – and write down a list of the endpoints you think you will need. It should take you some time to talk this through! What data will those endpoints have to return and what data will they need to accept, if they are POST or PUT/PATCH endpoints?
Your list of planned endpoints should look something like the example below. This is a partial list using examples from Habit Tracker; you're going to need a bunch more endpoints than this. Keep in mind that you should include endpoints ONLY if you need them, so think about the project requirements.
Example planning for endpoints:
Request URL | Description
---|---
GET api/habits | returns a list of all habits for the logged-in user
GET api/habits/<int:pk> | returns details about one habit and its associated records
POST api/habits | create a new habit
No writing code yet! We’ll cover working together on GitHub tomorrow.
📖 Read | 📺 Watch | 🎧 Listen
- Finally Understand Auth in DRF - a Will Vincent talk -> Will isn’t using the Djoser library but he does a great job of reviewing different auth strategies and why you would choose one or the other. Watch this for a better understanding and overview of authentication.
- Julia Evans comic explaining CORS better than MDN does
- More Julia Evans on the Same Origin Policy
- Simple Is Better Than Complex: How to Implement Token Authentication in DRF - This does NOT use Djoser, but it's a great walkthrough of some of what Djoser does for you if you would like more detail.
🔖 Resources
Authentication
- Djoser documentation
- DRF docs: Token-based authentication
- The Ultimate Tutorial for Django REST Framework: Login and Authentication - This uses the Djoser library.