PASETO Authentication for Django REST Framework
Installation Guide for drf-paseto
drf-paseto is a Django REST Framework authentication backend that uses PASETO (Platform-Agnostic Security Tokens) for secure authentication.
Step 1: Install the Package
First, you need to install the package. If the package is published on PyPI, you can install it using pip. Otherwise, if you're installing it from a local build, follow the steps below.
pip install drf_paseto
If you are installing it from a local repository, clone the repository and install it:
git clone https://github.com/bahmany/drf_paseto.git
cd drf_paseto
pip install .
Step 2: Add the Package to Your Installed Apps
Add drf_paseto_auth to the INSTALLED_APPS in your Django project's settings.py file:
INSTALLED_APPS = [
    # ... your existing apps ...
    'drf_paseto',
    # ...
]
Step 3: Update Django REST Framework Authentication Settings
Update the REST_FRAMEWORK settings in your settings.py file to use PasetoAuthentication as the default authentication class:
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'drf_paseto_auth.authentication.PasetoAuthentication',
    ),
}
Step 4: Set Your PASETO Secret Key
Ensure that you have a secure secret key set up in your settings.py file. This key will be used to sign and verify the PASETO tokens.
SECRET_KEY = 'your-very-secure-and-random-secret-key'
You should replace 'your-very-secure-and-random-secret-key' with a secure, randomly generated string.
Step 5: Create a Login View to Generate PASETO Tokens
Create a new view in your Django app to authenticate users and generate PASETO tokens. Add the following code to your views.py:
from django.contrib.auth import authenticate
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import status
from drf_paseto.authentication import PasetoAuthentication

class LoginView(APIView):
    authentication_classes = []  # No authentication needed for login

    def post(self, request):
        username = request.data.get('username')
        password = request.data.get('password')
        user = authenticate(username=username, password=password)
        if user is not None:
            token = PasetoAuthentication.generate_token(user)
            return Response({'token': token}, status=status.HTTP_200_OK)
        else:
            return Response({'error': 'Invalid credentials'}, status=status.HTTP_401_UNAUTHORIZED)
Step 6: Add URLs for the Login View
Add a URL pattern to your urls.py file to expose the login view:
from django.urls import path
from .views import LoginView

urlpatterns = [
    path('login/', LoginView.as_view(), name='login'),
]
Step 7: Protect Your API Endpoints
To protect your API endpoints with PASETO authentication, use the IsAuthenticated permission class. The custom PasetoAuthentication class will handle token verification.
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView
from rest_framework.response import Response

class ProtectedView(APIView):
    permission_classes = [IsAuthenticated]

    def get(self, request):
        return Response({'message': 'This is a protected view.'})
Step 8: Test the Setup
- Start the Django development server:
  python manage.py runserver
- Login to get a PASETO token:
  Send a POST request to the /login/ endpoint with a valid username and password. You will receive a PASETO token in the response.
- Access Protected Endpoints:
  Use the received token to access protected endpoints by including it in the Authorization header as a Bearer token:
  Authorization: Bearer <your-paseto-token>
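When testing the setup, it helps to confirm that the value sent in the Authorization header really has the PASETO shape (version.purpose.payload with an optional footer) before debugging the backend. The following is an added example, not code from drf-paseto: the function name parse_bearer_paseto, the optional expected pin, and the sample token are assumptions made for illustration. It checks structure only and does not decrypt or verify anything.

```python
import base64
import re

# PASETO tokens have the shape version.purpose.payload[.footer]
VERSIONS = {"v1", "v2", "v3", "v4"}
PURPOSES = {"local", "public"}
B64URL = re.compile(r"^[A-Za-z0-9_-]+$")  # base64url without padding

# Constructed sample, not a real token: arbitrary bytes under a v4.local header.
SAMPLE = "v4.local." + base64.urlsafe_b64encode(
    b"constructed-payload-bytes").rstrip(b"=").decode()


def _b64url_decode(part):
    """Decode one unpadded base64url segment or raise ValueError."""
    if not B64URL.match(part):
        raise ValueError("segment is not unpadded base64url")
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def parse_bearer_paseto(header_value, expected=None):
    """Return (version, purpose) for 'Bearer <token>'; raise ValueError if malformed.

    `expected` (hypothetical parameter) pins the header, e.g. "v4.local", so a
    token of another version or purpose is rejected before any further handling.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise ValueError("expected 'Authorization: Bearer <token>'")
    parts = token.strip().split(".")
    if len(parts) not in (3, 4):
        raise ValueError("PASETO needs 3 or 4 dot-separated segments")
    version, purpose, payload = parts[0], parts[1], parts[2]
    if version not in VERSIONS or purpose not in PURPOSES:
        raise ValueError("unknown PASETO header: %s.%s" % (version, purpose))
    if expected is not None and "%s.%s" % (version, purpose) != expected:
        raise ValueError("token header does not match the pinned one")
    _b64url_decode(payload)
    if len(parts) == 4 and parts[3]:
        _b64url_decode(parts[3])  # footer is optional
    return version, purpose


if __name__ == "__main__":
    print(parse_bearer_paseto("Bearer " + SAMPLE))
```

A JWT pasted into the header by mistake fails the version check, because its first segment is a base64url JSON header rather than v1 to v4.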
Conclusion
By following these steps, you have successfully installed and configured drf-paseto for PASETO-based authentication in your Django REST Framework project. This setup ensures a more secure token-based authentication mechanism compared to JWT.