Django - DRF自带的token认证和JWT区别
2024-09-06 07:49:53
问题重现
当查看DRF 文档时发现DRF内置的token是存储在数据库里,这和我在网上搜索资料时认识的token-based authentication有出入。
from rest_framework.authtoken.models import Token # 有Token这个model
原因
其实网上大多数的token是json web token,是和DRF自带的token不同的。JWT只存储在客户端。具体google:double submit cookie vs synchronizer token
引用DRF文档:
JSON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. A package for JWT authentication is djangorestframework-simplejwt which provides some features as well as a pluggable token blacklist app.
参考
- https://www.django-rest-framework.org/api-guide/authentication/#json-web-token-authentication
- https://stackoverflow.com/questions/57442082/why-django-rest-framework-stores-token-in-database?noredirect=1#comment101361728_57442082
- https://stackoverflow.com/questions/29440014/should-i-use-jwt-or-basic-token-authentication-in-django-rest-framework
- https://stackoverflow.com/questions/27578726/appropriate-choice-of-authentication-class-for-python-rest-api-used-by-web-app
- https://stackoverflow.com/questions/31600497/django-drf-token-based-authentication-vs-json-web-token
- https://stackoverflow.com/questions/14567586/token-authentication-for-restful-api-should-the-token-be-periodically-changed
- https://stackoverflow.com/questions/43452896/authentication-jwt-usage-vs-session
最新文章
- Linux之head、tail、grep、cut等命令详解
- 《java JDK7 学习笔记》课后练习题3
- UVa1589 象棋
- python开发vim插件
- PowerDesigner概念模型的Notation设置
- web服务器分析与设计(一)
- 开启g++ 编辑器 c++11特性
- JS代码获取当前日期时支持IE,不兼容FF和chrome,解决这个问题,我们需要把获取时间的getYear()函数换成getFullYear()
- iOS RGB颜色封装
- NOI2007 生成树计数
- SVN无法修改以前提交日志的办法
- Linux/UNIX流程关系
- ThoughtWorks开发持续集成及部署利器:Go
- ubuntu 1604安装docker-ce 记录
- CLion之C++框架篇-优化开源框架,引入curl,实现get方式获取资源(四)
- 使用entitiy
- SpringMVC(四):什么是HandlerAdapter
- NumsCount
- 非root用户执行java进程报错:fork: retry:资源暂时不可用
- LeetCode: Binary Search Tree Iterator 解题报告