I have a website in Django and I'm developing an Android app. In one activity I have to log in the user. I have installed the Django Rest Framework, but I'm afraid that it is insecure to send the username and password. What's the best way to do a login using Rest Framework?
-
There are a number of existing apps to deal with authentication, so you may want to check out some of those. I hear good things about allauth. – cms_mgr, Oct 6, 2014 at 14:36
-
But this is for Facebook, Twitter, etc. I have my own users. – user3657840, Oct 6, 2014 at 17:06
-
Sorry, my lack of REST-framework familiarity steered me wrong. Their authentication guide does seem quite thorough though; is there a particular part of it that's failing for you? – cms_mgr, Oct 7, 2014 at 11:41
2 Answers
You may use basic authentication, by providing a user name and password, but it has to be done over HTTPS. Otherwise, there are various other authentication mechanisms you may use. Have a look here. The appropriate one for a mobile application would probably be token authentication.
One of the most popular ways to authenticate with REST APIs is through tokens. What this essentially means is to set up an API endpoint that receives the "username" and "password" and responds with a token. Then each request made to the API should carry this token as a header or a param, which gets resolved and validated before running the function behind the API. This way your username and password will only be sent once. Of course, even with this, it is recommended to use HTTPS.
A good way to do this is to use djangorestframework-jwt (http://getblimp.github.io/django-rest-framework-jwt/). This is an app providing JSON Web Token functionality for Django Rest Framework APIs.
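To make the flow in this answer concrete, here is an added example that is not part of the original answer and not code from Django, Django Rest Framework or djangorestframework-jwt. It models the two halves of token authentication with the Python standard library only: a login endpoint that checks the password once and issues a random token, and a per-request check that reads the token from the Authorization header. The `Token <key>` header format follows DRF's built-in TokenAuthentication; the user "alice", her password, the hypothetical `AuthServer` class and the `now` parameters (passed in so that expiry can be demonstrated without sleeping) are all assumptions made for the example. Tokens are stored server-side only as SHA-256 hashes, so a leaked token table cannot be replayed, and both the password and the token comparison are constant-time.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Work factor for the password hash. Kept moderate so the example runs quickly;
# a production setting should follow current PBKDF2/Argon2 guidance.
PBKDF2_ITERATIONS = 100_000
# Dummy salt used so that a lookup of an unknown user costs the same time as a real one.
DUMMY_SALT = b"\x00" * 16


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password (stand-in for Django's password hasher)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def token_key(token: str) -> str:
    """Tokens are stored hashed; the raw token exists only on the client."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class AuthServer:
    """Hypothetical server holding a user table and the tokens it has issued."""

    def __init__(self, token_ttl_seconds: float = 3600.0) -> None:
        self.users: Dict[str, Tuple[bytes, bytes]] = {}        # username -> (salt, pbkdf2 hash)
        self.tokens: Dict[str, Tuple[str, float]] = {}         # sha256(token) -> (username, expiry)
        self.ttl = token_ttl_seconds

    def add_user(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def obtain_token(self, username: str, password: str, now: float) -> Optional[str]:
        """The login endpoint: credentials are sent exactly once, here, over HTTPS."""
        record = self.users.get(username)
        if record is None:
            hash_password(password, DUMMY_SALT)   # equalise timing for unknown users
            return None
        salt, expected = record
        if not hmac.compare_digest(hash_password(password, salt), expected):
            return None
        token = secrets.token_urlsafe(32)         # 256 bits from the OS CSPRNG
        self.tokens[token_key(token)] = (username, now + self.ttl)
        return token

    def authenticate(self, headers: Dict[str, str], now: float) -> Optional[str]:
        """Per-request check: resolve 'Authorization: Token <key>' to a username, or None."""
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Token" or not token:
            return None
        key = token_key(token)
        entry = self.tokens.get(key)
        if entry is None:
            return None
        username, expiry = entry
        if now >= expiry:
            del self.tokens[key]                  # expired tokens are forgotten, not reused
            return None
        return username


def login_flow(now: float = 1000.0) -> Dict[str, Optional[str]]:
    """Walk through the exchange the answer describes and report each outcome."""
    server = AuthServer(token_ttl_seconds=60.0)
    server.add_user("alice", "correct horse battery staple")   # constructed test user

    token = server.obtain_token("alice", "correct horse battery staple", now)
    results: Dict[str, Optional[str]] = {
        "wrong_password": server.obtain_token("alice", "wrong", now),
        "unknown_user": server.obtain_token("mallory", "anything", now),
        "valid_token": server.authenticate({"Authorization": f"Token {token}"}, now + 30),
        "forged_token": server.authenticate({"Authorization": "Token not-a-real-token"}, now + 30),
        "wrong_scheme": server.authenticate({"Authorization": f"Basic {token}"}, now + 30),
        "expired_token": server.authenticate({"Authorization": f"Token {token}"}, now + 61),
    }
    return results


if __name__ == "__main__":
    for name, outcome in login_flow().items():
        print(f"{name:15s} -> {outcome}")
```

The point the example makes beyond the prose: the password is only ever handled by `obtain_token`, every later request proves possession of the token instead, and because the server keeps only a hash of the token, the login endpoint and the Authorization header are the only two places the secret material ever travels, which is why both must sit behind HTTPS. DRF's TokenAuthentication and djangorestframework-jwt implement the same shape; the JWT variant replaces the server-side token table with a signed, self-describing token.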