Welcome to Django-Rest-Durin!
Per API client token authentication Module for Django-REST-Framework
The idea is to provide one library that does token auth for multiple Web/CLI/Mobile API clients via one interface but allows different token configuration for each client.
Durin authentication is token based, similar to the
built in to DRF. However, it adds some extra sauce:
Durin allows multiple tokens per user. But only one token each user per API client.
Each user token is associated with an API Client.
These API Clients (
durin.models.Client) are configurable via Django’s Admin Interface.
Includes Permission-enforcing to allow only specific clients to make authenticated requests to certain
Configure Rate-Throttling per User <-> Client pair.
All Durin tokens have an expiration time. This expiration time can be different per API client.
Durin provides an option for a logged in user to remove all tokens that the server has - forcing him/her to re-authenticate for all API clients.
Durin tokens can be renewed to get a fresh expiry.
Durin provides a
durin.auth.CachedTokenAuthenticationbackend as well which uses memoization for faster look ups.
- Durin provides Session-Management features. Refer to Session-Management-Views i.e.,
REST view for an authenticated user to get list of sessions (in context of django-rest-durin, this means
AuthTokeninstances) and revoke a session. Useful for pages like “View active browser sessions”.
REST view for an authenticated user to get/create/delete token against a pre-defined client. Useful for pages like “Get API key” where a user can get an API key to be able to interact directly with your project’s RESTful API using cURL or a custom client.
Get started at Installation.