🐻 Token Authentication and CORS 🐻

🗓️ Today’s Topics

• Token authentication in DRF with Djoser
• CORS headers

🎯 Collaborative Project

Work with your team. Tonight, plan out your models – please draw a diagram! – and write down a list of the endpoints you think you will need. It should take you some time to talk this through. What data will those endpoints have to return? Will your endpoints need to accept any data (remember you can do this in the body of the request or using part of the URL)?

Your list of planned endpoints should look something like (this is a partial list using examples from Habit Tracker. You’re going to need a bunch more endpoints than this). Keep in mind that you should include endpoints ONLY if you need them, so consider the actions that you need to support according to the project requirements.

Example planning for endpoints (you’ll need more than these, of course):

🚫 No writing code yet! Today should be used for planning only. We’ll cover working together on GitHub tomorrow.

📖 Read | 📺 Watch | 🎧 Listen

• 📺 Finally Understand Auth in DRF - a Will Vincent talk -> Will isn’t using the Djoser library but he does a great job of reviewing different auth strategies and why you would choose one or the other. Watch this for a better understanding and overview of authentication.
• 📖 Julia Evans comic explaining CORS better than MDN does
• 📖 More Julia Evans on the Same Origin Policy
• 📖 Simple Is Better Than Complex: How to Implement Token Authentication in DRF This does NOT use Djoser, but it’s a great walkthrough of some of what Djoser does for you if you would like more detail.

🔖 Resources

Authentication

• Djoser documentation
• DRF docs: Token-based authentication
• The Ultimate Tutorial for Django REST Framework: Login and Authentication This uses the Djoser library.

CORS

• MDN CORS
  • MDN Access-Control-Allow-Origin Header
• Django CORS Guide
• django-cors-headers

Permissions

• DRF Permissions
• Pro-Tip: Logical operators with DRF Permissions