Token Authentication In Django REST Framework | Learn Django REST Framework #9

Captions
Hi everyone, and welcome to this video. In this video we're going to be talking about the concept of authentication, and we're going to specifically be talking about token-based authentication in Django REST framework. Now, authentication provides for us a way in which we can identify a request, and by this I mean that every request that we create in Django REST framework is identified by two things: it is identified by the user who created it and the token that signed it. Now, in this video we're going to be looking at how we can set up token-based authentication for us to protect our protected endpoints, so that we are required to log in and get an access token that will give us access in our authorization headers.

So to get started, I'm going to go within our simple blog folder right here, and within our settings.py I'm going to begin by installing our auth token app that comes inbuilt with Django REST framework. So to do that I'll go right here, and after rest_framework I'll go ahead and add the rest_framework.authtoken app. And right after adding this, I'm also going to go ahead and add our default authentication classes. So these default authentication classes allow us to define which kind of authentication we're going to be using in our Django REST framework. Now I'm going to go to our REST framework settings, and that is the setting where we actually set the non-field errors key. So I'm going to add another setting within our REST framework settings. So I'll give it the key, and the key will be DEFAULT_AUTHENTICATION_CLASSES, and then this will be an iterable containing the various authentication classes. So in this case we shall begin by providing the first authentication class. All these are within the authentication module in Django REST framework, so to get access to them I'll first come and say rest_framework.authentication, then in this case we're going to begin by providing the SessionAuthentication. This can work if we need session authentication. And I'm also going to add the token authentication class, so this is going to be rest_framework.authentication, but in this case it will be TokenAuthentication.

Now that we've been able to do this, we can also add, in case, let's say, we are using another application, an external application, to do our authentication, we can actually come and add the authentication class of that specific app or that specific package into our authentication classes. Now, there is also the setting for the default permission classes, and we're going to look into that in a second. So actually, let me try to do it right now. So I'll just come right here and set the key, so our key is going to be default, so this will be DEFAULT_PERMISSION_CLASSES, and in this case it will also be an iterable containing the default permission class that's going to actually allow us to have a permission to access a certain endpoint. So in this case what I'll start with is rest_framework, in this case we shall access the permissions, and then we shall access the IsAuthenticated permission. Now, if you're confused about this, I will make a separate video explaining permissions in detail, but what this permission does is to only allow us access to a protected endpoint, and this is only to happen if we are... So I'm going to go ahead and save.

Now, after saving here, we're going to need a way of creating a token. Django REST framework provides for us a Token model that basically creates a token, and this token is to be associated with a single user. So for us to be able to do this at signing up, what you're going to do is to go within the serializer we created when signing up our user and maybe set that up. Another approach can be creating a signal that listens for a user creation and then goes ahead and creates a token for that specific user. So what I'll do is to go within our accounts app, and then within our accounts app I'm going to go to serializers.py. Now, in here we defined this create method that's to be able to set for us a password when creating our user. Now, another thing we're going to do is to create a token for that specific user that has been created. Now, this token is unique and it is only specific to a given user, so each of the users that's signing into our application has a different token.

So what I'll go ahead and do is to import our Token model. Now, remember we installed our auth token app, and that provides for us the model for our tokens. So I'm going to come right here and I'll start by importing the model. We shall say from rest_framework.authtoken, in this case we shall actually access the models module, and then we shall go ahead and access our Token. Now, right after importing our Token, we're going to go within our create method and then create a token that belongs to that specific user we've created. So to do that, after saving our user, we shall also create a token for that user. So I'll just come and say Token.objects.create, and then in this case we shall have our user be equal to our user, and then this is going to go ahead and create a token specific to that specific user we've created at sign up. So I'll go ahead and save.

Now, when I save, we actually see we have three unapplied migrations. Now, these unapplied migrations are actually migrations that are specific to our auth token app, and they need to be included because we are going to be using the model for tokens, and it's going to help us to create tokens and associate them to our users. So, Ctrl+C, and then I'll run python manage.py migrate, and this is going to go ahead and migrate our models. So after doing that, I run our server again.

Now let us go ahead and basically see what a request is when we are carrying out our authentication. So to do that, I'm simply going to go within the views of our accounts app. We created a route, or a URL, that's specific to our signing up. Now, the next URL we're going to be creating is one that's going to be specific to our logging in. So what I'm going to do is to create a class, and this class is going to be our LoginView. This is going to be a simple API view; we're not going to deal with a generic API view. So what I'll come and do is to import it. So I'll just come and say from, this is going to be rest_framework.views, we are going to import our APIView. And right after importing our APIView, I'm simply going to come within our LoginView and then add our APIView, so our login is going to inherit from our APIView. So that means we can be able to access the different HTTP methods. So I'll just come and define our post method, which will take in self, also taking a request object that's going to be of type Request. Now, one of the abilities of using type hints is you get access to the various methods of that specific parameter you pass into a function. For example, when I specify that this is of type Request, I can be able to come and say request dot, and then I'll be able to access all the various attributes that the request object has. Now, away from that, I'll just pass this for now.

Now let's try to explore a request when carrying out authentication. So to do that, I'll just simply create a simple get request, and this is going to have self and then request, then this is going to be of type, oh, sorry for this, so this is going to be of type Request. And then here we're going to create content, which is going to be a dictionary. This dictionary is going to have the two attributes that are necessary for an authenticated request. So it's going to have the user, and the way we access the user who actually sent this request is through request.user. Now, request.user is a user object that's returned in case we want to access the user who actually made this request. So for us to be able to access it and send it through our JSON, we shall need to return a string version of that, or string representation. Now we shall just come and say that we shall return a string of request.user, so this will actually return the unique identifier for that user and show us the user who actually made that request. Another thing is the token. Now, that token is accessed via request.auth, and this will actually be our content. So let us try to return a response that's going to show us the nature of our data that comes within our request, or the data identifying that specific request. So to do that, I'll just simply come here and return, we shall have our Response, and this response will have data, so this data is going to be our content, and then we shall actually have a status code. So in this case our status code is going to be equal to status, in this case we shall have HTTP_200_OK.

All right, now that we have this, let us go ahead and try to make a URL that's going to allow us to access our login endpoint. So go to our urls.py within our accounts app, and then I'm going to add another URL pattern. So this is going to be our path, so in this case I'll just come right here and add path. So it's actually going to be path, and the first thing it's going to take in is going to be the URL, which is going to be our /login, then we shall take in the view, so in this case it's going to be views.LoginView. Since this is a class-based view, we shall call the .as_view function, then we shall give it a name. This name is going to be login. All right, so now that this is done, let us head over to our Insomnia and be able to carry out our request.

All right, so right here in our Insomnia, we're going to begin by investigating what our request is going to have. So I'll begin by creating a new request, and this will be our login get request. So once I've done this, then I'll create this request, and then I'll go ahead and specify our URL to be localhost:8000/auth/login. So when I send this request, we now see that it's going to return the following data about the request. Now, each time we are not authenticated, we expect that our user is going to be an AnonymousUser object, and then we are not going to also have a token returned to us. So this actually happens in a way where, when we are authenticated, we can be able to access the user object of the user who is currently authenticated, as well as their token.

Now let us go ahead and handle the login endpoint, or the login functionality. So to do that, I'll simply go within our code, and here in our post request I'm going to begin by accessing our email. So our email is going to be equal to, so in this case we shall access the request data, so we access that via request.data, then I'll call the .get method, and then I'll access the email. And then I'll do the same thing for our password, so I'll say that our password is going to be equal to our request data, this is going to be data, then we shall get the password. And right now we shall need a way of basically returning a user object, or checking for the user object that contains those credentials. Now, we're going to use the authenticate function, or the authenticate method, that comes from Django. So I'm going to go ahead and import this. So I'll just come and say from django.contrib.auth I'm going to go ahead and import the authenticate function. And right after importing our authenticate function, I'll simply come right here and say that we're going to have our user be equal to authenticate, then here we're going to provide our email, which will be our email, and we shall also provide our password, which will be our password.

Now, after doing this, I will check if this user exists. So we shall do if user, and in this case you can say if user is not None, then we can actually return a response containing our token. So I'm just going to come right here and say we shall return the response. Now I can just simply come in here and say that we shall have our response. Now, this response is going to have a message, so let's just say that our login was successful, and then we can also have our token. So since the user is associated with a token, we are simply going to go ahead and return a token for that specific user. So in this case what I have to do is return a token, and then we shall access the user token. So to do that, we shall come and say user, and in this case we're going to access auth_token, which will be the token associated to the user, or the token object, then we shall get the string representation of the key, and that's accessed via the key attribute. So we shall just come right here and say that we're returning our data, and this data is going to be our response, and then the next thing we are going to do is status, so our status in this case is going to be status.HTTP_200_OK. And then, in case a user does not exist, so we shall say else, in this case we are going to return our response, and our response is going to be equal to data, which is going to have a message of invalid username, it's actually going to be invalid email or password.

So let us try to create a new user who has a token. I'm going to go right here in our Insomnia, and I'll go where I create a user account. So I created the user but i'm reaching this user, so let's say we are going to call this user john doe, and then we can also have this user as john doe. We're going to keep the password the same. So right now we see that the user has been created successfully. Now I'm going to come and create a new request, which is going to be for logging in a user. Now, this is going to be a post request and it shall have a body, so this body is going to be JSON. We shall create this request, so it's going to be at localhost:8000, then we shall access /auth and /login. So we shall need to provide the body. This body is going to have an email, and this email is going to be john doe at app.com, then we shall also need our password, so our password in this case is going to be password one two three. And when we send this request, in this case we see that our login has been successful and we are being returned our token.

Now let us try to access some of the endpoints that we created. So when you go to the endpoint for getting all our posts, for now when we send this request, we actually see that we do not have a permission, permissions set. So to do that, we are going to go back to our views for our posts, and within our post views we are going to access the view for returning all our posts. So right within our PostListCreateView, I'm simply going to add a permission_classes list, and this is going to be a list of permission classes. Now I'm going to begin by importing the IsAuthenticated permission, which is going to allow this to be accessed only and only when we are authenticated. So to do that, I'll just simply come within our file here, go within our imports, and then say from rest_framework.permissions we are going to go ahead and import our IsAuthenticated. Now, we can have other permissions; as I said, I'll create a separate video for explaining permissions. We need to go ahead and save. So when you head over to PostListCreateView, I'm simply going to come and add our IsAuthenticated permission. So when I go ahead and save, when we go back and try to make this request again, we now see that our authentication credentials were not provided.

So the next thing we're going to do is try to figure out a way of accessing this endpoint by providing our token in our authorization headers. So I'm going to go to our headers right here. Now, if you're wondering what headers are, this is just information about the request that's sent with the request. So I'm just going to come here and create an Authorization header, and then within here, when using token authentication, we shall be providing Token as well as the value of the token. So I'm going to go where I've created our token when logging in a user, I'll copy this token right here, and within where we actually want to get all posts I'll just come and paste in the token. And then when I send this request, we now see that we currently don't have any posts.

So let us try to create some posts within our database. So when I go where I actually have an endpoint for creating a new post, when I try to send the post, we now see authentication credentials were not provided. But for us to access that, we shall just come and say that we're going to have our Authorization, and in this case we shall have Token, it's going to be Token, and then we shall paste in the token. And in this case we see that we've been able to create some posts successfully. So even when you try to get all posts, for now we can be able to have a list of posts.

So in this video, actually, before I wind up this video, I'd like to show you what an authenticated request is. So when you go back to where we actually investigated our request, I can provide our authorization credentials here. Just come and create a header for Authorization, and then provide our value, Token, and then paste in our token. So when I send this, we actually see the user who sent this request as well as the token that's held that request. This is awesome.

So in this video I've been able to cover token-based authentication using Django REST framework. I hope you've learned from this video. If you've learned from this video, please leave a like, and if it's your first time to come to my channel, my name is Ssali Jonathan. I create videos on programming and related topics. Please subscribe to the channel if you're new. Thank you for watching, and see you in the next video. Bye.
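
The header handling described in the captions above, as an added example that is not code from the video or from Django REST framework: a standard-library sketch of how an "Authorization: Token <key>" header resolves to the (user, token) pair that the video reads from request.user and request.auth, and how a protected endpoint answers when the header is missing or malformed. The in-memory store, the function names and the error strings other than "Authentication credentials were not provided." are assumptions made for illustration.

```python
# Added illustration: framework-free model of token header handling.
# Names (issue_token, authenticate_header, get_posts) are hypothetical.
import secrets

ANONYMOUS = "AnonymousUser"  # stand-in for the unauthenticated request.user


class AuthFailed(Exception):
    """The Token scheme was used but the header could not be accepted."""


def issue_token(store, username):
    """Create one random 40-hex-character key for a user, as at sign-up."""
    key = secrets.token_hex(20)
    store[key] = username
    return key


def authenticate_header(store, header):
    """Map a raw Authorization header value to a (user, auth) pair."""
    parts = (header or "").split()
    # No header, or some other scheme: the request simply stays anonymous.
    if not parts or parts[0].lower() != "token":
        return ANONYMOUS, None
    if len(parts) == 1:
        raise AuthFailed("Invalid token header: no key supplied.")
    if len(parts) > 2:
        raise AuthFailed("Invalid token header: key must not contain spaces.")
    username = store.get(parts[1])
    if username is None:
        raise AuthFailed("Invalid token.")
    return username, parts[1]


def get_posts(store, header):
    """Protected endpoint returning (status, body); requires a valid token."""
    try:
        user, auth = authenticate_header(store, header)
    except AuthFailed as exc:
        return 401, {"detail": str(exc)}
    if auth is None:
        return 401, {"detail": "Authentication credentials were not provided."}
    return 200, {"user": user, "posts": []}


if __name__ == "__main__":
    tokens = {}                       # constructed sample data
    k = issue_token(tokens, "johndoe")
    print(get_posts(tokens, None))            # anonymous request
    print(get_posts(tokens, "Token " + k))    # authenticated request
```
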
Info
Channel: Ssali Jonathan
Views: 12,009
Keywords: django rest framework, django rest framework token authentication, django rest framework authentication, token based authentication django rest framework, django rest token authentication, token authentication django rest framework, django rest token authentication tutorial, django rest framework token authentication tutorial, django token authentication, django, token authentication, django rest framework tutorial, django rest framework token authentication postman
Id: p63ykt2lTQ0
Length: 21min 40sec (1300 seconds)
Published: Thu May 26 2022