HomeBlogs
Try Complier
HomeBlogsPython Complier

Django : How To Implement Token Authentication In Django And Django Rest Framework

Python
Django
Drf
Authentication
Feb 18 2023 . 5 min read
unsplashimagePhoto by Pawel Czerwinski on Unsplash

Table of Content

Token Authentication is one of the built-in authentication system in Django Rest Framework. Token Authentication is an one time token that is generate for every newly created users, which is unique and static.

Let's Setup Token Authentication

To setup Token Authentication, just follow these steps :


  1. To use Token Authentication, you need to add 'rest_framework.authtoken' in INSTALLED_APPS
    settings.py
    1. INSTALLED_APPS = [
    2.    ...
    3.    'rest_framework.authtoken'
    4.    ...
    5. ]

  2. Now your django project must be configured to use the library. In settings.py, add the authentication classes:
    settings.py
    1. REST_FRAMEWORK = [
    2.    ...
    3.    'DEFAULT_AUTHENTICATION_CLASSES': (
    4.      ...
    5.       'rest_framework.authentication.TokenAuthentication'
    6.      ...
    7.      )
    8.    ...
    9. ]

Agenda

We are going to create three API's here :


  1. Signup Api - That will create an user.

  2. Login Api - That will generate a access and refresh token for authorised user.

  3. Student Api - That will show the student data using the access token.

1. Signup API

To create a signup API, please follow these steps :


Create a serializers.py file within your app level. Let's create a ModelSerializer for Signup.

serializers.py
  1. from rest_framework import serializers
  2. from django.contrib.auth.models import User
  3. from django.contrib.auth.hashers import make_password
  6. class SignupSerializer(serializers.ModelSerializer):
  8.     """override create method to change the password into hash."""
  9.     def create(self, validated_data):
  10.             validated_data["password"] = make_password(validated_data.get("password"))
  11.             return super(SignupSerializer, self).create(validated_data)
  13.     class Meta:
  14.             model = User
  15.             fields = ['username','password']

Here in SignupSerializer class we have override the create method and convert our string password into hash using make_password() function.



Next open a views.py file, and Let's create a APIView class for Signup.

views.py
  1. from rest_framework.views import APIView
  2. from django.contrib.auth.models import User
  3. from rest_framework.response import Response
  4. from rest_framework import status
  5. from .serializers import SignupSerializer
  8. class SignupAPIView(APIView):
  9.     """This api will handle signup"""
  11.     def post(self,request):
  12.             serializer = SignupSerializer(data = request.data)
  13.             if serializer.is_valid():
  14.                     """If the validation success, it will created a new user."""
  15.                     serializer.save()
  16.                     res = { 'status' : status.HTTP_201_CREATED }
  17.                     return Response(res, status = status.HTTP_201_CREATED)
  18.            res = { 'status' : status.HTTP_400_BAD_REQUEST, 'data' : serializer.errors }
  19.            return Response(res, status = status.HTTP_400_BAD_REQUEST)


Next open an urls.py file and let's create an endpoint for signup api.

urls.py
  1. from django.urls import path
  2. from . import views
  5. urlspatterns = [
  6.     path("api/user/signup/", views.SignupAPIView.as_view(), name="user-signup"),
  7.   ]


Create a signals.py file and here we are going to create token by using signals.

signals.py
  1. from django.conf import settings
  2. from django.db.models.signals import post_save
  3. from django.dispatch import receiver
  4. from rest_framework.authtoken.models import Token
  7. @receiver(post_save, sender=settings.AUTH_USER_MODEL)
  8. def create_auth_token(sender, instance=None, created=False, **kwargs):
  10.         if created:
  11.                 Token.objects.create(user=instance)

By generating token using signals is the best way. So here we actually use post_save signals, that will create a token, when new user will create.

2. Login API

Now we will going to create a Login Api that will basically generate an token, so that we can use this token to access the students data.


To create a login api, follow these steps :


Open a serializers.py file and let's create a ModelSerializer for Login.

serializers.py
  1. from rest_framework import serializers
  2. from django.contrib.auth.models import User
  3. from django.contrib.auth.hashers import make_password
  6. class LoginSerializer(serializers.ModelSerializer):
  8.     username = serializers.CharField()
  10.     class Meta:
  11.             model = User
  12.             fields = ['username','password']


Next, open a views.py file, and Let's create a APIView class for Login.

views.py
  1. from rest_framework.views import APIView
  2. from django.contrib.auth.models import User
  3. from rest_framework.response import Response
  4. from rest_framework import status
  5. from .serializers import LoginSerializer
  6. from rest_framework.authtoken.models import Token
  7. from django.contrib.auth import authenticate
  10. class LoginAPIView(APIView):
  11.     """This api will handle login and return token for authenticate user."""
  13.     def post(self,request):
  14.             serializer = LoginSerializer(data = request.data)
  15.             if serializer.is_valid():
  16.                     username = serializer.validated_data["username"]
  17.                     password = serializer.validated_data["password"]
  18.                     user = authenticate(request, username=username, password=password)
  19.                     if user is not None:
  20.                         """We are reterving the token for authenticated user."""
  21.                         token = Token.objects.get(user=user)
  22.                         response = {
  23.                                "status": status.HTTP_200_OK,
  24.                                "message": "success",
  25.                                "data": {
  26.                                        "Token" : token.key
  27.                                        }
  28.                                }
  29.                         return Response(response, status = status.HTTP_200_OK)
  30.                     else :
  31.                         response = {
  32.                                "status": status.HTTP_401_UNAUTHORIZED,
  33.                                "message": "Invalid Email or Password",
  34.                                }
  35.                         return Response(response, status = status.HTTP_401_UNAUTHORIZED)
  36.             response = {
  37.                  "status": status.HTTP_400_BAD_REQUEST,
  38.                  "message": "bad request",
  39.                  "data": serializer.errors
  40.                  }
  41.             return Response(response, status = status.HTTP_400_BAD_REQUEST)


Next, open an urls.py file and let's create an endpoint for login api.

urls.py
  1. from django.urls import path
  2. from . import views
  5. urlspatterns = [
  6.     path("api/user/login/", views.LoginAPIView.as_view(), name="user-login"),
  7.   ]

3. Students Api

Now we will going to create our Students Api that will basically return students data.


Open a models.py file and let's define student model.

models.py
  1. from django.db import models
  4. class Student(models.Model):
  6.        name = models.CharField(max_length = 100)
  7.        email = models.EmailField(max_length = 277)
  8.        created_at = models.DateTimeField(auto_now_add = True, null = True)
  9.        updated_at = models.DateTimeField(auto_now_add = True, null = True)
  11.        def __str__(self):
  12.               return str(self.name)


Hit these commands to create student table.

python manage.py makemigrations
python manage.py migrate


Next open a serializers.py file and let's create a ModelSerializer for Student.

serializers.py
  1. from rest_framework import serializers
  2. from .models import Student
  5. class StudentSerializer(serializers.ModelSerializer):
  7.     class Meta:
  8.             model = Student
  9.             fields = ['name','email','created_at','updated_at']


Next, open a views.py file, and Let's create a APIView class for Student.

views.py
  1. from rest_framework.views import APIView
  2. from rest_framework.response import Response
  3. from rest_framework import status
  4. from .serializers import StudentSerializer
  5. from .models import Student
  6. from rest_framework.permissions import IsAuthenticated
  9. class StudentAPIView(APIView):
  10.     """This api will handle student"""
  12.     permission_classes = [ IsAuthenticated ]
  14.     def get(self,request):
  15.             data = Student.objects.all()
  16.             serializer = StudentSerializer(data, many = True)
  17.             response = {
  18.                    "status": status.HTTP_200_OK,
  19.                    "message": "success",
  20.                    "data": serializer.data
  21.                    }
  22.             return Response(response, status = status.HTTP_200_OK)

We have to must add the IsAuthenticated permission to our student api. It means to get the students data, ideally you need to pass the access token, that you got at the time of login.



Next, open an urls.py file and let's create an endpoint for student api.

urls.py
  1. from django.urls import path
  2. from . import views
  5. urlspatterns = [
  6.     path("api/students/", views.StudentAPIView.as_view(), name="api-student"),
  7.   ]

Conclusion

This is how you can secure your api's using Token Authentication, just you need to only add IsAuthenticated to permission_classes, and set the TokenAuthentication to authenticate_classess in settings file.

Latest Posts

BlogsAbout meContact me
Copyright © 2024 Pythonworld.