django-rest-durin

Per client token authentication Module for django rest auth.

Durin provides easy to use authentication for Django REST Framework The aim is to allow for common patterns in applications that are REST based, with little extra effort; and to ensure that connections remain secure.

Durin authentication is token based, similar to the TokenAuthentication built in to DRF. However, it overcomes some problems present in the default implementation:

• DRF tokens are limited to one per user. This does not facilitate securely signing in from multiple devices, as the token is shared. It also requires all devices to be logged out if a server-side logout is required (i.e. the token is deleted).

  Durin provides one token per call to the login view - allowing each client to have its own token which is deleted on the server side when the client logs out.

  Durin also provides an option for a logged in client to remove all tokens that the server has - forcing all clients to re-authenticate.

• DRF tokens track their creation time, but have no inbuilt mechanism for tokens expiring. Durin tokens can have an expiry configured in the app settings (default is 10 hours.)

More information can be found in the Documentation

Cache Backend

If you want to use a cache for the session store, you can install django-memoize and add 'memoize' to INSTALLED_APPS.

Then you need to use CachedTokenAuthentication instead of TokenAuthentication.

pip install django-memoize

Django Compatibility Matrix

If your project uses an older verison of Django or Django Rest Framework, you can choose an older version of this project.

Make sure to use at least DRF 3.10 when using Django 3.0 or newer.

Changelog / Releases

All releases should be listed in the releases tab on github.

See CHANGELOG.md for a more detailed listing.

License

This project is published with the MIT License. See https://choosealicense.com/licenses/mit/ for more information about what this means.