diff options
| author | Mjumbe Wawatu Poe | 2012-09-07 16:12:33 -0400 |
|---|---|---|
| committer | Mjumbe Wawatu Poe | 2012-09-07 16:15:33 -0400 |
| commit | f741cdae44bc455089a5ed7e1dbea4760ca97b85 (patch) | |
| tree | 622d3e71a0815f34c3006199ca79c9ed8ea6023a /docs/api-guide/authentication.md | |
| parent | 10450bafc9d98f022e0f0a5246a7fb1c7e53dc39 (diff) | |
| download | django-rest-framework-f741cdae44bc455089a5ed7e1dbea4760ca97b85.tar.bz2 | |
Move TokenAuthentication class into djangorestframework.authentication
Diffstat (limited to 'docs/api-guide/authentication.md')
| -rw-r--r-- | docs/api-guide/authentication.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md index c5b7ac9c..5f176d02 100644 --- a/docs/api-guide/authentication.md +++ b/docs/api-guide/authentication.md @@ -67,9 +67,9 @@ If successfully authenticated, `UserBasicAuthentication` provides the following ## TokenAuthentication -This policy uses [HTTP Authentication][basicauth] with a custom authentication scheme called "Token". Token basic authentication is appropriate for client-server setups, such as native desktop and mobile clients. The token key should be passed in as a string to the "Authorization" HTTP header. For example: +This policy uses [HTTP Authentication][basicauth] with no authentication scheme. Token basic authentication is appropriate for client-server setups, such as native desktop and mobile clients. The token key should be passed in as a string to the "Authorization" HTTP header. For example: - curl http://my.api.org/ -X POST -H "Authorization: Token 0123456789abcdef0123456789abcdef" + curl http://my.api.org/ -X POST -H "Authorization: 0123456789abcdef0123456789abcdef" **Note:** If you run `TokenAuthentication` in production your API must be `https` only, or it will be completely insecure. @@ -78,7 +78,7 @@ If successfully authenticated, `TokenAuthentication` provides the following cred * `request.user` will be a `django.contrib.auth.models.User` instance. * `request.auth` will be a `djangorestframework.tokenauth.models.BasicToken` instance. -To use the `TokenAuthentication` scheme, you must have a token model. Django REST Framework comes with a minimal default token model. To use it, include `djangorestframework.tokenauth` in your installed applications. To use your own token model, subclass the `djangorestframework.tokenauth.authentication.TokenAuthentication` class and specify a `model` attribute that references your custom token model. The token model must provide `user`, `key`, and `revoked` attributes. For convenience, the `djangorestframework.tokenauth.models.BaseToken` abstract model implements this minimum contract, and also randomly populates the key field when none is provided. +To use the `TokenAuthentication` policy, you must have a token model. Django REST Framework comes with a minimal default token model. To use it, include `djangorestframework.tokenauth` in your installed applications and sync your database. To use your own token model, subclass the `djangorestframework.tokenauth.TokenAuthentication` class and specify a `model` attribute that references your custom token model. The token model must provide `user`, `key`, and `revoked` attributes. For convenience, the `djangorestframework.tokenauth.models.BaseToken` abstract model implements this minimum contract, and also randomly populates the key field when none is provided. ## OAuthAuthentication |