当查看DRF 文档时发现DRF内置的token是存储在数据库里,这和我在网上搜索资料时认识的token-based authentication有出入。
from rest_framework.authtoken.models import Token # 有Token这个model原因
其实网上大多数的token是Json web token,是和DRF自带的token不同的。JWT只存储在客户端。
引用DRF文档:
参考 https://www.django-rest-framework.org/api-guide/authentication/#json-web-token-authentication https://stackoverflow.com/questions/57442082/why-django-rest-framework-stores-token-in-database?noredirect=1#comment101361728_57442082 https://stackoverflow.com/questions/29440014/should-i-use-jwt-or-basic-token-authentication-in-django-rest-framework https://stackoverflow.com/questions/27578726/appropriate-choice-of-authentication-class-for-python-rest-api-used-by-web-app https://stackoverflow.com/questions/31600497/django-drf-token-based-authentication-vs-json-web-token 总结JsON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme,JWT Authentication doesn‘t need to use a database to valIDate a token. A package for JWT authentication is djangorestframework-simplejwt which provIDes some features as well as a pluggable token blackList app.
以上是内存溢出为你收集整理的Django - DRF自带的token认证和JWT区别全部内容,希望文章能够帮你解决Django - DRF自带的token认证和JWT区别所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)