Authentication (durin.auth)
Durin provides one TokenAuthentication backend and a
CachedTokenAuthentication backend, which uses memoization for faster lookups.
TokenAuthentication
class durin.auth.TokenAuthentication
Bases: rest_framework.authentication.BaseAuthentication
This authentication scheme uses Durin’s durin.models.AuthToken for authentication.
Similar to DRF’s authentication system, it overrides it a bit to accommodate that tokens can be expired.
If successful,
- request.user will be a django User instance
- request.auth will be an AuthToken instance
Durin tokens should be generated using the provided views.
Any APIView or ViewSet can be accessed using these tokens by adding TokenAuthentication
to the View’s authentication_classes.
To authenticate, the Authorization header should be set on the request, like:

    Authorization: Token adee69d0e4bbdc6e4m9836F45E23A325

Note: The prefix can be configured by setting REST_DURIN["AUTH_HEADER_PREFIX"].
Example Usage:

    from rest_framework.permissions import IsAuthenticated
    from rest_framework.response import Response
    from rest_framework.views import APIView

    from durin.auth import TokenAuthentication


    class ExampleView(APIView):
        # Accept only Durin tokens, and reject unauthenticated requests.
        authentication_classes = (TokenAuthentication,)
        permission_classes = (IsAuthenticated,)

        def get(self, request, *args, **kwargs):
            content = {
                'foo': 'bar'
            }
            return Response(content)

Tokens expire after a preset time. See settings.DEFAULT_TOKEN_TTL.
CachedTokenAuthentication
class durin.auth.CachedTokenAuthentication
Bases: durin.auth.TokenAuthentication
Similar to TokenAuthentication but uses django-cache-memoize as the cache backend for faster lookups.
The cache timeout is configurable by setting REST_DURIN["TOKEN_CACHE_TIMEOUT"] under your app’s settings.py.
How To Enable:
Install django-cache-memoize

    pip install django-cache-memoize

Then you need to use CachedTokenAuthentication instead of TokenAuthentication.
Global usage on all views
You can activate Durin’s durin.auth.TokenAuthentication or
durin.auth.CachedTokenAuthentication on all your views by adding it to
REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"] under your app’s settings.py.
Make sure to not use both of these together.
Warning
If you use Token Authentication in production you must ensure that your API is only available over HTTPS (SSL).
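
The two rules above (do not enable both Durin backends together, and serve token authentication only over HTTPS) can be checked mechanically against a settings mapping. The following is an added example, not code from Durin or its documentation: audit_durin_settings, DURIN_BACKENDS and the WEAK / CORRECTED sample settings are hypothetical names, and it assumes HTTPS is enforced by Django's SECURE_SSL_REDIRECT setting rather than by a reverse proxy.

```python
# Added example; the names below are hypothetical and not part of Durin.
DURIN_BACKENDS = {
    "durin.auth.TokenAuthentication",
    "durin.auth.CachedTokenAuthentication",
}


def audit_durin_settings(settings):
    """Return (level, message) findings for a dict of Django settings."""
    findings = []
    rest = settings.get("REST_FRAMEWORK", {})
    classes = rest.get("DEFAULT_AUTHENTICATION_CLASSES", ())
    enabled = sorted(set(classes) & DURIN_BACKENDS)

    # Rule 1: the two Durin backends must not be enabled together.
    if len(enabled) > 1:
        findings.append(("error", "both enabled: " + ", ".join(enabled)))

    # Rule 2: token auth must only be served over HTTPS.
    # Assumption: Django enforces this through SECURE_SSL_REDIRECT. If a
    # reverse proxy enforces HTTPS instead, verify that separately.
    if enabled and settings.get("SECURE_SSL_REDIRECT") is not True:
        findings.append(("warning", "token auth on, SECURE_SSL_REDIRECT off"))
    return findings


# Constructed sample settings, not taken from a real project.
WEAK = {
    "REST_FRAMEWORK": {
        "DEFAULT_AUTHENTICATION_CLASSES": (
            "durin.auth.TokenAuthentication",
            "durin.auth.CachedTokenAuthentication",
        )
    },
}
CORRECTED = {
    "REST_FRAMEWORK": {
        "DEFAULT_AUTHENTICATION_CLASSES": (
            "durin.auth.CachedTokenAuthentication",
        )
    },
    "SECURE_SSL_REDIRECT": True,
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("CORRECTED", CORRECTED)):
        print(name, audit_durin_settings(cfg))
```

In a real project the same function can be called with vars(django.conf.settings._wrapped) from a deployment check or CI step.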