DRF 身份验证令牌如何在现实世界中接收 web 应用程序
[英]How is DRF auth token received in a real world web application
问题描述
This question might look stupid but I want to get some clarification.
这个问题可能看起来很愚蠢,但我想澄清一下。 I'm building a Django rest framework application for the very first time.我第一次构建了一个 Django rest 框架应用程序。 I'm able to set up api endpoints for the application.我能够为应用程序设置 api 端点。 And when I register a user he gets a token.当我注册一个用户时,他会得到一个令牌。 And when I login a user through postman it returns a token.当我通过 postman 登录用户时,它会返回一个令牌。 But in real world app, how does the client receive that drf token that is return as json data that is needed to login.但在现实世界的应用程序中,客户端如何接收作为登录所需的 json 数据返回的 drf 令牌。 Does he receive it in his email that he used to register?他是否在他以前注册的 email 中收到它? Also, if the user recieves the token, am I supposed to create another API to contain the field that the user eventually sends the token through before gaining access to the website?此外,如果用户收到令牌,我是否应该创建另一个 API 以包含用户最终通过该字段发送令牌,然后才能访问网站? Please I would appreciate it if I also get a good material that explains the process in details and uncomplicated.如果我也能得到一份很好的材料,详细地解释这个过程,我将不胜感激。
1 个解决方案
解决方案1
1 2021-06-06 04:06:16
The documentation is very clear about how the tokens are to be used. 文档非常清楚如何使用令牌。
if you are using token authentication, when you register a new user a unique token is generated in the tokens table.如果您使用令牌身份验证,当您注册新用户时,会在令牌表中生成一个唯一令牌。 When you log in, you will receive the token from the server.当您登录时,您将收到来自服务器的令牌。 As far as the server is concerned, if you call any API with the token in the header, the user is considered to be logged in. If you call any API without the token (for APIs that require it) you will receive a not logged in message in the response就服务器而言,如果您使用 header 中的令牌调用任何 API,则该用户被视为已登录。如果您调用任何 API,您将收到不需要它的令牌(因为不需要登录的 API)在回复中的消息中
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.