One thing about frameworks is that they work well when you follow the tutorials and the conventions, they usually don't when you try to step a litt...
Great Article, the amount of stack overflow articles I've read linking the rest framework section on session authentication (which has no mention of implementation), as well as answers saying put my JWT in local storage and forget about it, had left me feeling defeated using the rest framework and a SPA.
Surprising for a framework that is touted as having fantastic docs...
Two years on, have you found a cleaner solution?
Hi! Unfortunately I'm not actively working on that project anymore.
I'm a bit surprised two years later there's still not a solution for that :D
I did a lot of Vue + Django projects in 2017 and early 2018. I used different libraries with DRF for JWT, but if I remember correctly, I could use an authenticate method in a view. One project I'm pretty sure I used the login view, another I think I did something custom.
Thanks, I'll try to research a bit how to do it with REST.
I've updated the post with my temporary solution.
(apologies for the thread necromancy)
I ran into this exact problem, trying to get an SPA to use DRF's session authentication. The docs for this only suggest it could work, but never really say how. I got lucky with some googling, and thought I would share.
1) I needed to write a new login view. I basically copied one from testdriven.io/courses/real-time-ap... after much searching. I also copied from there for sign up and logout views.
2) On the backend, I included {% csrf_token %} in the index.html template that bootstraps the SPA, so that the SPA gets the cookie when it loads.
3) On the frontend, I made sure to include the CSRF cookie as a 'X-CSRFToken' header.
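Step 3 of the comment above, sketched as an added example that is not part of the original thread: read the CSRF cookie and attach it as a header only on state-changing, same-origin requests, so the token is never sent to another host. It assumes Django's default names (cookie `csrftoken`, header `X-CSRFToken`); the `/api/login/` path and the function names are hypothetical.

```javascript
// Added example, not code from the thread. Assumes Django's default CSRF
// cookie name ("csrftoken") and header ("X-CSRFToken").
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build fetch() options. The session cookie is sent only to our own origin
// (credentials: "same-origin"); the CSRF header is added only when the
// method changes state AND the target is same-origin.
function buildRequest(url, options, pageOrigin, cookieString) {
  const method = (options.method || "GET").toUpperCase();
  const sameOrigin =
    new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  const headers = { ...(options.headers || {}) };
  if (!SAFE_METHODS.has(method) && sameOrigin) {
    const token = getCookie(cookieString, "csrftoken");
    if (!token) {
      // The cookie is set when index.html (with {% csrf_token %}) is served.
      throw new Error("csrftoken cookie missing; load index.html first");
    }
    headers["X-CSRFToken"] = token;
  }
  return { ...options, method, headers, credentials: "same-origin" };
}

// Browser usage: the SPA's login call (hypothetical endpoint).
function login(username, password) {
  const url = "/api/login/";
  const init = buildRequest(url, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ username, password }),
  }, window.location.origin, document.cookie);
  return fetch(url, init);
}
```
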
It seems to me you could just use Django's login view
dev.to/marcuscreo/the-4-letter-wor...
I've updated the post with my temporary solution.
But how? :-)
I used Basic Auth without CSRF, and it did work for me. But you can implement JWT Auth in your Django project medium.com/netscape/full-stack-dja...
Thanks for the heads up! I wanted to avoid JWT, that's why I was trying to simply use the django session cookie as a token.
I think I've succeeded, I just need to read a bit more about DRF so I can clean up the code (and maybe remove django-rest-auth as a dependency)
I appreciate your piece on this,
I'm building a system using Django/DRF as backend and React Js as frontend.
The backend uses an already existent database, user and auth models.
Figuring out auth in an SPA is tricky... storing tokens in localStorage or sessionStorage isn't the safest practice but is the fastest way to get it done; imho this is why many devs do it this way.
I totally agree with you, implementing the session cookie should be easy, as it seems to me the right solution for this problem.
Yeah, probably if they lowered the bar on how to use standard sessions they would be used more. A lot of doc is also JWT first which doesn't always help.
Hi! I'm not a Django REST expert, but I think I figured out what's wrong.
The SessionAuthentication class is not used to sign in the user, but to check if a request comes from an authenticated user.
To login using regular session cookie you're supposed to use the standard LoginView class
Thanks for the comment! I figured SessionAuthentication wasn't the correct one, after a few trials.
The only issue I see using LoginView directly is that it entails a server-side template. That's why I didn't use it. Check the update in the post about it.
I'm still a little surprised about how complicated this is, but it could be 100% because I'm not a Django expert either.
As of today, have you found a better way to deal with it? Although not so bad of a solution, it is still an ugly one...