Hey dev.to community!
Update: User authentication Part 1
Here I am to share an update about my progress in this project. As a last update on this project, where I have mentioned about adding Category model and established a relationship between product and category. This time I have worked on user authentication:
- Created an `accounts` app to manage user registration and login.
- Used Token-based API authentication.
- On user registration, a token is generated and stored in the authtoken_token DB table.
- On login, the token is retrieved.
- The API to create a product is restricted to logged-in users only.
- The token now has to be sent in the header to create a product.
- Products can be viewed by a user without logging in.
Why have I used Token-based authentication instead of JWT authentication or session-based authentication?
Token-based authentication is easier to get started with and simple to understand. When a new user registers, a token is generated and stored in the database. Every time the user wants to access a protected API, they have to send this token in the header. This token never expires and is stateless.
However, here are some disadvantages of Token-based authentication:
- The token never expires (security risk)
- If a token is compromised, it is valid forever
- No refresh mechanism
- One token per user, so logins from multiple devices can't be tracked
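To make the flow above concrete, here is a small added example (my own illustration, not code from the project) that models the authtoken_token table in memory with the same columns DRF's Token model uses (key, user_id, created), checks the `Authorization: Token <key>` header the way the protected create-product API needs it, and adds the two things the list above says are missing: an expiry window (the 24-hour TTL is an assumed value) and rotation of the user's token on each login.

```python
import secrets

TOKEN_TTL = 24 * 3600  # assumed lifetime in seconds; default DRF tokens have none

# In-memory stand-in for the authtoken_token table: key -> (user_id, created)
authtoken_token = {}


def issue_token(user_id, now):
    """Register/login: revoke any earlier token for this user, store a fresh one."""
    for key, (uid, _) in list(authtoken_token.items()):
        if uid == user_id:
            del authtoken_token[key]  # one token per user, so the old one dies here
    key = secrets.token_hex(20)  # 40 hex chars, same shape as DRF's Token.key
    authtoken_token[key] = (user_id, now)
    return key


def authenticate(headers, now):
    """Return the user_id for a valid 'Authorization: Token <key>' header, else None."""
    parts = headers.get("Authorization", "").split()
    if len(parts) != 2 or parts[0] != "Token":
        return None  # missing header, wrong scheme or malformed value -> anonymous
    row = authtoken_token.get(parts[1])
    if row is None:
        return None  # unknown key: never issued or already rotated away
    user_id, created = row
    if now - created > TOKEN_TTL:
        return None  # the expiry check that plain token auth does not perform
    return user_id


def create_product(headers, now):
    """Protected endpoint: only an authenticated user may create a product."""
    user_id = authenticate(headers, now)
    if user_id is None:
        return 401, {"detail": "token missing, invalid or expired"}
    return 201, {"owner": user_id}


def list_products(headers, now):
    """Public endpoint: viewing products needs no token at all."""
    return 200, []


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value (seconds)
    key = issue_token(7, t0)
    print(create_product({"Authorization": "Token " + key}, t0 + 60))
    print(create_product({"Authorization": "Token " + key}, t0 + TOKEN_TTL + 1))
```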
In future projects, I would definitely love to explore JWT and session-based authentication. Meanwhile, please share your thoughts and tell me about the projects you have worked on.
See you all next time... bye 👋
Complete code available here.