Struggling with the same issue at the moment.
As I explore more, I am starting to believe that DRF was meant to be secured by a token-based authentication method when used with a decoupled frontend.
I did find this django-rest-framework-jwt package, which is currently unmaintained, but does have a nice feature that might suit your needs.
Check the docs at jpadilla.github.io/django-rest-fra...
There's django-rest-framework-simplejwt, which is maintained; the problem is that they return the refresh and the access in a JSON object, where the refresh should be in an HTTP-only cookie. I'm not sure I'd want to use JWT, and honestly I'm new to Django so I can't customize it easily.
For Token auth (not JWT), the problem is the same: where do we store it?
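
Added example, not part of the thread and not code from either package: a framework-agnostic Python version of the split the comment above asks for, where the access token stays in the JSON body and the refresh token moves into an HttpOnly cookie. The cookie name, the refresh path and the token values are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

REFRESH_COOKIE = "refresh_token"      # hypothetical cookie name
REFRESH_PATH = "/api/token/refresh/"  # hypothetical refresh endpoint path


def split_token_pair(pair, max_age=86400):
    """Return (json_body, set_cookie_value) for a login response.

    `pair` is the {"access": ..., "refresh": ...} object described above.
    The refresh token is removed from the body and placed in a cookie
    that page JavaScript cannot read.
    """
    body = {k: v for k, v in pair.items() if k != "refresh"}
    cookie = SimpleCookie()
    cookie[REFRESH_COOKIE] = pair["refresh"]
    morsel = cookie[REFRESH_COOKIE]
    morsel["httponly"] = True      # hidden from document.cookie
    morsel["secure"] = True        # only sent over HTTPS
    morsel["samesite"] = "Strict"  # not attached to cross-site requests
    morsel["path"] = REFRESH_PATH  # only sent to the refresh endpoint
    morsel["max-age"] = max_age
    return body, morsel.OutputString()


def refresh_from_cookie(cookie_header):
    """Read the refresh token from the request's Cookie header only."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if REFRESH_COOKIE not in jar:
        raise ValueError("missing refresh cookie")
    return jar[REFRESH_COOKIE].value


if __name__ == "__main__":
    # Constructed sample token pair, not real JWTs.
    sample = {"access": "aaa.bbb.ccc", "refresh": "ddd.eee.fff"}
    body, set_cookie = split_token_pair(sample)
    print(body)
    print("Set-Cookie:", set_cookie)
    print(refresh_from_cookie("refresh_token=ddd.eee.fff"))
```

In a Django view the same attributes map onto `HttpResponse.set_cookie(..., httponly=True, secure=True, samesite="Strict", path=...)`.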
Managed to create a view for authentication of users while using built-in SessionAuthentication.
See snippet in reddit.com/r/django/comments/e91gn...