I have prior experience in Django. Recently I got a project to build in REST architecture. I learned the basics of Django Rest Framework. But I am stuck with the authentication system.
I planned serve my frontend in anguarjs an host it on app.mydomain.com, and the DRF on api.mydomain.com. So all the end application (android, IOS) can pull the the data from api.mydomain.com
Here I don't want to use session authentication system, it doesn't play nice with CORS. I am more interested on JSONWebToken than Token Based Authentication because its signed and allows refresh token option too.
But, 1. How do I invalidate the existing tokens on password change? 2. How to destroy the token in a mobile lost scenario?
Is there any better authentication solution?
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fabc7ac3-7343-48dc-8cfe-db909a5d6795%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment