User Authentication

[MucahitErdoganUnlu]

Our current solution for authentication on Django uses TokenAuthentication. However, we may want to change it because:

• If you use TokenAuthentication in production you must ensure that your API is only available over https.
• For an implementation which allows more than one token per user, has some tighter security implementation details, and supports token expiry, please see the Django REST Knox third party package.

Which one should be our implementation?

[umitcan07]

I think I would stick to TokenAuthentication. Keep it simple & stupid :)

[MucahitErdoganUnlu]

A useful website: DRF Token Authentication vs Third Party Packages (JWT and Django Rest Knox)
Especially, this part is important:

• However, in scenarios where users frequently log in from multiple devices, and device independence is crucial, alternative authentication solutions that support per-client tokens may offer a more user-friendly experience.

Since our project supports login from multiple device types, let alone multiple devices, using Third Party Packages is a better alternative.