stackoom
  简体   繁体   中英

How do I authenticate API requests (by anonymous user) in Django rest framework?

 原文  2015-06-02 12:11:22       django/ django-rest-framework

Question

The API requests will be sent by anonymous users. No Login/register functionality is present.

I need to authenticate the API requests, one primitive way I tried was to send an auth key in each request. This auth key, I is saved in the Angular frontend as a constant.

There must be a better and more sophisticated way, kindly help!

2 answers

solution1
 12  2015-06-02 23:02:56

Django REST framework largely assumes that requests are authenticated based on a user, but they do provide support for authentication anonymous requests. While this largely breaks from the assumption that "authentication" means "verifying a (Django) user is genuine", Django REST framework does allow it to happen and just substitutes the AnonymousUser instead.

Authentication in DRF can define both the request.user (the authenticated user) and request.auth (generally the token used, if applicable) properties on the request. So for your authentication, you would be holding on to tokens you have created (in a model or somewhere else) and those would be validated instead of the user credentials, and you would just end up not setting the user. 

from django.contrib.auth.models import AnonymousUser
from rest_framework import authentication
from rest_framework import exceptions

class ExampleAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        auth = authentication.get_authorization_header(request)

        if not auth or auth[0].lower() != b'token':
            return None

        if len(auth) == 1:
            msg = _('Invalid token header. No credentials provided.')
            raise exceptions.AuthenticationFailed(msg)
        elif len(auth) > 2:
            msg = _('Invalid token header. Credentials string should not contain spaces.')
            raise exceptions.AuthenticationFailed(msg)

        try:
            token = Token.objects.get(token=auth[1])
        except Token.DoesNotExist:
            raise exceptions.AuthenticationFailed('No such token')

        return (AnonymousUser(), token)

This example assumes that you have a Token model which stores the tokens that will be authenticated. The token objects will be set to request.auth if the request was authenticated properly.

solution2
 0  2015-06-02 12:32:57

阅读有关身份验证及其教程的其他api文档 - 它们为选项提供了可靠的介绍。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Cannot Authenticate Test Requests with Both User Token and API Key in Django Rest Framework How do I limit requests per user in Django rest framework using throttling? Django rest framework - how can i limit requests to an API endpoint? How do I set permissions for POST requests in Django REST Framework? How to do user registration in Django REST framework api How do I use an Django Rest Framework with API key per account (not user)? How can I authenticate a user who belongs to another database through my other microservice in django rest framework? Can't authenticate a user in Django rest framework Django REST framework TokenAuthentication returns anonymous user Django rest framework Anonymous user is always Authenticated
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM