A Minimal Token-Based Auth for Django

Project Description

Simple Token-based authentication.

Overview

A lot of people talk about having Token Auth for their REST APIs… but what does it actually mean? And what benefit is it?

The token is a cryptographically signed chunk of data. In this case it contains the user ID, backend, and a timestamp of when it was issued.

This lets you generate and issue tokens to phone apps, services, etc, and not have to deal with logins, passwords, CSRF, etc.

Install

Add to settings.MIDDLEWARE, after the default authentication middleware:

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'nap_token.middleware.NapTokenMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'cloudselect.middleware.CORSDefeat',
]

Usage

When you want to log in a user, call nap_token.get_auth_token(user), passing a User instance returned from django.contrib.auth.authenticate.

It will return a signed, timestamped token. The client need only pass this in an Authorization header, formatted as ‘Bearer {token}’, for the request to act as that user. If the token is absent, expired, or invalid, request.user will fall back to the normal Session Based Auth.
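
An added sketch, not nap_token's own code, of how a token of this kind (user ID, backend, issue timestamp, signature) can be issued and then checked from the Authorization header, using only the standard library. The HMAC-SHA256 construction, the payload field names, SECRET and MAX_AGE are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: a real Django app would derive this from SECRET_KEY
MAX_AGE = 3600                    # assumption: token lifetime in seconds

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def issue_token(user_id, backend, now=None):
    """Serialize user ID, backend and issue time, then append an HMAC over them."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"uid": user_id, "backend": backend, "iat": issued}).encode()
    return _b64(payload) + "." + _b64(_sign(payload))

def verify_token(token, now=None, max_age=MAX_AGE):
    """Return the payload dict, or None if the token is malformed, forged or expired."""
    try:
        body, sig = token.split(".")
        payload, given = _unb64(body), _unb64(sig)
    except ValueError:  # wrong part count or bad base64 (binascii.Error is a ValueError)
        return None
    # Check the signature before parsing or trusting anything in the payload.
    if not hmac.compare_digest(given, _sign(payload)):
        return None
    data = json.loads(payload)
    age = (time.time() if now is None else now) - data["iat"]
    return data if 0 <= age <= max_age else None

def user_from_header(header, now=None):
    """Handle 'Bearer {token}'; None tells the caller to fall back to session auth."""
    scheme, _, token = (header or "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    return verify_token(token.strip(), now=now)
```

Because the signature covers the timestamp, a client cannot extend a token's life by editing the payload; changing any field invalidates the HMAC.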

Issuing Tokens

As a quick and dirty example of how to issue tokens, here’s an approach that will issue a token for a user who can log in:

from django.http import HttpResponse
from django.contrib.auth.views import LoginView

from nap_token import get_auth_token

class TokenView(LoginView):

    def form_valid(self, form):
        user = form.get_user()
        return HttpResponse(get_auth_token(user))

Release History

0.1.2 (this version)
0.1.0

Download Files

nap-token-auth-0.1.2.tar.gz (3.1 kB), Source, uploaded Jun 26, 2017