django-rest-durin

Django-Rest-Durin

Per API client token authentication Module for Django REST Framework.

The idea is to provide one library that does token auth for multiple Web/CLI/Mobile API clients (i.e. devices/user-agents) via one interface but allows different token configuration for each client.

Durin authentication is token based, similar to the TokenAuthentication built in to DRF. However, it adds some extra sauce:

• Durin allows multiple tokens per user. But only one token each user per API client.
• Each user token is associated with an API Client.
  • These API Clients are configurable via Django's Admin Interface.
  • Includes permission enforcing to allow only specific clients to make authenticated requests to certain APIViews or vice-a-versa.
  • Configure Rate-Throttling per User <-> Client pair.
• Durin provides an option for a logged in user to remove all tokens that the server has - forcing them to re-authenticate for all API clients.
• Durin tokens can be renewed to get a fresh expiry.
• Durin provides a CachedTokenAuthentication backend as well which uses memoization for faster look ups.
• Durin provides Session Management features. Refer to Session Management Views i.e.,
  • REST view for an authenticated user to get list of sessions (in context of django-rest-durin, this means AuthToken instances) and revoke a session. Useful for pages like "View active browser sessions".
  • REST view for an authenticated user to get/create/delete token against a pre-defined client. Useful for pages like "Get API key" where a user can get an API key to be able to interact directly with your project's RESTful API using cURL or a custom client.

More information can be found in the Documentation. I'd also recommend going through the example_project/ included in this repository.

Django Compatibility Matrix

If your project uses an older verison of Django or Django Rest Framework, you can choose an older version of this project.

This Project	Python Version	Django Version	Django Rest Framework
0.1+	3.5 - 3.10	2.2, 3.0, 3.1, 3.2, 4.0	3.7>=

Make sure to use at least DRF 3.10 when using Django 3.0 or newer.

Changelog / Releases

All releases should be listed in the releases tab on GitHub.

See CHANGELOG for a more detailed listing.

License

This project is published with the MIT License. See https://choosealicense.com/licenses/mit/ for more information about what this means.

Credits

Durin is inpired by the django-rest-knox and django-rest-multitokenauth libraries and adopts some learnings and code from both.