Purnima Chowrasia

#4 Django Journey: Learn DRF by building an e-commerce API

Hey dev.to community!

Update: User authentication Part 1

Here I am to share an update on my progress in this project. In the last update I mentioned adding a Category model and establishing a relationship between Product and Category. This time I have worked on user authentication:

  1. Created an accounts app to manage user registration and login.
  2. Used token-based API authentication.
  3. On user registration, a token is generated and stored in the authtoken_token DB table.
  4. On login, the token is retrieved.
  5. The API to create a product is now restricted to logged-in users.
  6. The token must be sent in the request header to create a product.
  7. Products can be viewed without logging in.

Why have I used token-based authentication instead of JWT or session-based authentication?

Token-based authentication is easy to get started with and simple to understand. When a new user registers, a token is generated and stored in the database. Every time the user accesses a protected API, they have to send this token in the header. This token never expires and is stateless.

However, here are some disadvantages of token-based authentication:

  • The token never expires (security risk).
  • If a token is compromised, it stays valid forever.
  • There is no refresh mechanism.
  • One token per user, so logins from multiple devices can't be tracked.
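The register, login and protected-endpoint flow from the steps above, together with the expiry and revocation gaps listed in the disadvantages, as an added example that is not the post's code or the project's code. It is a framework-free Python model of what DRF's TokenAuthentication does (one token row per user, the `Authorization: Token <key>` header check, reads open to everyone), with an expiry check, a revoke and a rotate added as the mitigation. `TOKEN_TTL`, `TokenStore`, the PBKDF2 password storage and the two product endpoints are assumptions made for this example; in the real project those roles are played by Django's user model, `rest_framework.authtoken` and the DRF views.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumption for this example: a token stops working 24 hours after it is issued.
TOKEN_TTL = timedelta(hours=24)


@dataclass
class Token:
    """One row of the authtoken_token table: a 40-hex-char key bound to one user."""
    key: str
    user: str
    created: datetime


class TokenStore:
    """In-memory stand-in for the users table, the authtoken_token table and the
    `Authorization: Token <key>` check that DRF's TokenAuthentication performs."""

    def __init__(self):
        self._users = {}      # username -> (salt, PBKDF2 hash); constructed, not Django's hasher
        self._tokens = {}     # key -> Token
        self._by_user = {}    # username -> key (one token per user, like the OneToOne field)
        self.products = []    # the "product" table; readable by anyone

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _issue(self, username):
        tok = Token(secrets.token_hex(20), username, datetime.now(timezone.utc))
        self._tokens[tok.key] = tok
        self._by_user[username] = tok.key
        return tok

    def register(self, username, password):
        """Step 3 of the post: create the user and generate their token."""
        if username in self._users:
            raise ValueError("username taken")
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))
        return self._issue(username)

    def login(self, username, password):
        """Step 4: verify the password and return the user's existing token (or None)."""
        rec = self._users.get(username)
        if rec is None:
            return None
        salt, stored = rec
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        key = self._by_user.get(username)
        return self._tokens[key] if key else self._issue(username)

    def authenticate(self, headers, now=None):
        """Parse `Authorization: Token <key>` and return the username, or None.
        Mirrors DRF's keyword parsing, then adds the expiry check DRF omits."""
        auth = headers.get("Authorization", "").split()
        if len(auth) != 2 or auth[0].lower() != "token":
            return None
        tok = self._tokens.get(auth[1])
        if tok is None:
            return None
        now = now or datetime.now(timezone.utc)
        if now - tok.created > TOKEN_TTL:
            self.revoke(tok.user)   # expired: drop the row so the key is never honoured again
            return None
        return tok.user

    def revoke(self, username):
        """Mitigation for a leaked key: delete the row; the old key stops working at once."""
        key = self._by_user.pop(username, None)
        if key:
            del self._tokens[key]

    def rotate(self, username):
        """Revoke and reissue; the new key has to be handed back to the user."""
        self.revoke(username)
        return self._issue(username)

    # The two product endpoints from steps 5 to 7: create needs a valid token, list does not.
    def create_product(self, headers, name):
        user = self.authenticate(headers)
        if user is None:
            return 401, None
        self.products.append({"name": name, "owner": user})
        return 201, self.products[-1]

    def list_products(self):
        return 200, list(self.products)
```

In a real DRF project the same expiry check goes into a subclass of `TokenAuthentication` that overrides `authenticate_credentials` and compares the token's `created` field with the current time, and revoking a key is simply deleting that `Token` row; the point of the model is that nothing stops you from doing both while keeping the simple header-based scheme the post uses.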

In future projects I would definitely love to explore JWT and session-based authentication. Meanwhile, please share your thoughts and tell me about the projects you have worked on.

See you all next time! Bye 👋

Complete code available here.
