Problem description
I have implemented the Token Authentication according to the Django REST framework docs.
From what I read, the Token Authentication of DRF is quite simple - one token per user, the token doesn't expire and is valid for use always (am I right?).
I understand that there are better practices out there, but for now the DRF token authentication is fine for me.
My question is: what is the best practice for logout with the normal DRF token authentication?
I mean, when the user logs out, should I delete the token from the client side, and then on login get the token again? Should I delete the token and generate a new one?
Anyone with experience with this?
Here's a simple view that I'm using to log out:

from django.contrib.auth.models import User
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView


class Logout(APIView):
    queryset = User.objects.all()

    def get(self, request, format=None):
        # simply delete the token to force a login
        request.user.auth_token.delete()
        return Response(status=status.HTTP_200_OK)

Then add it to your urls.py:

urlpatterns = [
    ...
    url(r'^logout/', Logout.as_view()),
]
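
The two logout strategies asked about above, compared in an added example that is not part of the original post and is not DRF code. `TokenTable` is a hypothetical in-memory stand-in for the authtoken table (one key per user, no expiry), and `alice` is a constructed sample user.

```python
import hmac
import secrets


class TokenTable:
    """In-memory stand-in for DRF's authtoken table: one key per user, no expiry."""

    def __init__(self):
        self._key_by_user = {}

    def login(self, user):
        # Like Token.objects.get_or_create(user=user): an existing key is reused.
        return self._key_by_user.setdefault(user, secrets.token_hex(20))

    def authenticate(self, presented_key):
        # Return the owning user, or None when no stored key matches.
        for user, key in self._key_by_user.items():
            if hmac.compare_digest(key, presented_key):
                return user
        return None

    def logout(self, user):
        # Server-side logout: drop the row. True if a token was actually revoked.
        return self._key_by_user.pop(user, None) is not None


def compare_logout_strategies():
    table = TokenTable()
    laptop_key = table.login("alice")  # constructed sample user
    phone_key = table.login("alice")   # a second device receives the same key
    outcome = {"devices_share_key": laptop_key == phone_key}

    # Strategy 1: the laptop client only discards its local copy of the key.
    outcome["valid_after_client_discard"] = table.authenticate(laptop_key) == "alice"

    # Strategy 2: the server deletes the token on logout.
    outcome["revoked"] = table.logout("alice")
    outcome["valid_after_server_delete"] = table.authenticate(laptop_key) == "alice"
    outcome["phone_still_logged_in"] = table.authenticate(phone_key) == "alice"

    # The next login issues a fresh key; the old one stays rejected.
    new_key = table.login("alice")
    outcome["new_key_differs"] = new_key != laptop_key
    outcome["new_key_valid"] = table.authenticate(new_key) == "alice"
    outcome["logout_without_token"] = TokenTable().logout("alice")
    return outcome


if __name__ == "__main__":
    for name, value in compare_logout_strategies().items():
        print(f"{name}: {value}")
```

Because there is only one token per user, deleting it on the server ends the session on every device that holds the key, while discarding it on the client leaves any other copy usable.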