aboutsummaryrefslogtreecommitdiffstats
path: root/api-guide/authentication.html
diff options
context:
space:
mode:
Diffstat (limited to 'api-guide/authentication.html')
-rw-r--r--api-guide/authentication.html89
1 files changed, 45 insertions, 44 deletions
diff --git a/api-guide/authentication.html b/api-guide/authentication.html
index c28b2239..63c2f3f0 100644
--- a/api-guide/authentication.html
+++ b/api-guide/authentication.html
@@ -4,6 +4,7 @@
<meta charset="utf-8">
<title>Django REST framework - Authentication</title>
<link href="http://django-rest-framework.org/img/favicon.ico" rel="icon" type="image/x-icon">
+ <link rel="canonical" href="http://django-rest-framework.org/api-guide/authentication"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Django, API, REST, Authentication, API Reference, Custom authentication, Third party packages">
<meta name="author" content="Tom Christie">
@@ -41,8 +42,8 @@
<div class="navbar-inner">
<div class="container-fluid">
<a class="repo-link btn btn-primary btn-small" href="https://github.com/tomchristie/django-rest-framework/tree/master">GitHub</a>
- <a class="repo-link btn btn-inverse btn-small " href="../api-guide/permissions.html">Next <i class="icon-arrow-right icon-white"></i></a>
- <a class="repo-link btn btn-inverse btn-small " href="../api-guide/relations.html"><i class="icon-arrow-left icon-white"></i> Previous</a>
+ <a class="repo-link btn btn-inverse btn-small " href="../api-guide/permissions">Next <i class="icon-arrow-right icon-white"></i></a>
+ <a class="repo-link btn btn-inverse btn-small " href="../api-guide/relations"><i class="icon-arrow-left icon-white"></i> Previous</a>
<a class="repo-link btn btn-inverse btn-small" href="#searchModal" data-toggle="modal"><i class="icon-search icon-white"></i> Search</a>
<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
@@ -56,56 +57,56 @@
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Tutorial <b class="caret"></b></a>
<ul class="dropdown-menu">
- <li><a href="http://django-rest-framework.org/tutorial/quickstart.html">Quickstart</a></li>
- <li><a href="http://django-rest-framework.org/tutorial/1-serialization.html">1 - Serialization</a></li>
- <li><a href="http://django-rest-framework.org/tutorial/2-requests-and-responses.html">2 - Requests and responses</a></li>
- <li><a href="http://django-rest-framework.org/tutorial/3-class-based-views.html">3 - Class based views</a></li>
- <li><a href="http://django-rest-framework.org/tutorial/4-authentication-and-permissions.html">4 - Authentication and permissions</a></li>
- <li><a href="http://django-rest-framework.org/tutorial/5-relationships-and-hyperlinked-apis.html">5 - Relationships and hyperlinked APIs</a></li>
- <li><a href="http://django-rest-framework.org/tutorial/6-viewsets-and-routers.html">6 - Viewsets and routers</a></li>
+ <li><a href="http://django-rest-framework.org/tutorial/quickstart">Quickstart</a></li>
+ <li><a href="http://django-rest-framework.org/tutorial/1-serialization">1 - Serialization</a></li>
+ <li><a href="http://django-rest-framework.org/tutorial/2-requests-and-responses">2 - Requests and responses</a></li>
+ <li><a href="http://django-rest-framework.org/tutorial/3-class-based-views">3 - Class based views</a></li>
+ <li><a href="http://django-rest-framework.org/tutorial/4-authentication-and-permissions">4 - Authentication and permissions</a></li>
+ <li><a href="http://django-rest-framework.org/tutorial/5-relationships-and-hyperlinked-apis">5 - Relationships and hyperlinked APIs</a></li>
+ <li><a href="http://django-rest-framework.org/tutorial/6-viewsets-and-routers">6 - Viewsets and routers</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">API Guide <b class="caret"></b></a>
<ul class="dropdown-menu">
- <li><a href="http://django-rest-framework.org/api-guide/requests.html">Requests</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/responses.html">Responses</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/views.html">Views</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/generic-views.html">Generic views</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/viewsets.html">Viewsets</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/routers.html">Routers</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/parsers.html">Parsers</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/renderers.html">Renderers</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/serializers.html">Serializers</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/fields.html">Serializer fields</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/relations.html">Serializer relations</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/authentication.html">Authentication</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/permissions.html">Permissions</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/throttling.html">Throttling</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/filtering.html">Filtering</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/pagination.html">Pagination</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/content-negotiation.html">Content negotiation</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/format-suffixes.html">Format suffixes</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/reverse.html">Returning URLs</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/exceptions.html">Exceptions</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/status-codes.html">Status codes</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/testing.html">Testing</a></li>
- <li><a href="http://django-rest-framework.org/api-guide/settings.html">Settings</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/requests">Requests</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/responses">Responses</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/views">Views</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/generic-views">Generic views</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/viewsets">Viewsets</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/routers">Routers</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/parsers">Parsers</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/renderers">Renderers</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/serializers">Serializers</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/fields">Serializer fields</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/relations">Serializer relations</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/authentication">Authentication</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/permissions">Permissions</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/throttling">Throttling</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/filtering">Filtering</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/pagination">Pagination</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/content-negotiation">Content negotiation</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/format-suffixes">Format suffixes</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/reverse">Returning URLs</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/exceptions">Exceptions</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/status-codes">Status codes</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/testing">Testing</a></li>
+ <li><a href="http://django-rest-framework.org/api-guide/settings">Settings</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Topics <b class="caret"></b></a>
<ul class="dropdown-menu">
- <li><a href="http://django-rest-framework.org/topics/documenting-your-api.html">Documenting your API</a></li>
- <li><a href="http://django-rest-framework.org/topics/ajax-csrf-cors.html">AJAX, CSRF & CORS</a></li>
- <li><a href="http://django-rest-framework.org/topics/browser-enhancements.html">Browser enhancements</a></li>
- <li><a href="http://django-rest-framework.org/topics/browsable-api.html">The Browsable API</a></li>
- <li><a href="http://django-rest-framework.org/topics/rest-hypermedia-hateoas.html">REST, Hypermedia & HATEOAS</a></li>
- <li><a href="http://django-rest-framework.org/topics/rest-framework-2-announcement.html">2.0 Announcement</a></li>
- <li><a href="http://django-rest-framework.org/topics/2.2-announcement.html">2.2 Announcement</a></li>
- <li><a href="http://django-rest-framework.org/topics/2.3-announcement.html">2.3 Announcement</a></li>
- <li><a href="http://django-rest-framework.org/topics/release-notes.html">Release Notes</a></li>
- <li><a href="http://django-rest-framework.org/topics/credits.html">Credits</a></li>
+ <li><a href="http://django-rest-framework.org/topics/documenting-your-api">Documenting your API</a></li>
+ <li><a href="http://django-rest-framework.org/topics/ajax-csrf-cors">AJAX, CSRF & CORS</a></li>
+ <li><a href="http://django-rest-framework.org/topics/browser-enhancements">Browser enhancements</a></li>
+ <li><a href="http://django-rest-framework.org/topics/browsable-api">The Browsable API</a></li>
+ <li><a href="http://django-rest-framework.org/topics/rest-hypermedia-hateoas">REST, Hypermedia & HATEOAS</a></li>
+ <li><a href="http://django-rest-framework.org/topics/rest-framework-2-announcement">2.0 Announcement</a></li>
+ <li><a href="http://django-rest-framework.org/topics/2.2-announcement">2.2 Announcement</a></li>
+ <li><a href="http://django-rest-framework.org/topics/2.3-announcement">2.3 Announcement</a></li>
+ <li><a href="http://django-rest-framework.org/topics/release-notes">Release Notes</a></li>
+ <li><a href="http://django-rest-framework.org/topics/credits">Credits</a></li>
</ul>
</li>
</ul>
@@ -220,14 +221,14 @@
<p>Auth needs to be pluggable.</p>
<p>&mdash; Jacob Kaplan-Moss, <a href="http://jacobian.org/writing/rest-worst-practices/">"REST worst practices"</a></p>
</blockquote>
-<p>Authentication is the mechanism of associating an incoming request with a set of identifying credentials, such as the user the request came from, or the token that it was signed with. The <a href="permissions.html">permission</a> and <a href="throttling.html">throttling</a> policies can then use those credentials to determine if the request should be permitted.</p>
+<p>Authentication is the mechanism of associating an incoming request with a set of identifying credentials, such as the user the request came from, or the token that it was signed with. The <a href="permissions">permission</a> and <a href="throttling">throttling</a> policies can then use those credentials to determine if the request should be permitted.</p>
<p>REST framework provides a number of authentication schemes out of the box, and also allows you to implement custom schemes.</p>
<p>Authentication is always run at the very start of the view, before the permission and throttling checks occur, and before any other code is allowed to proceed.</p>
<p>The <code>request.user</code> property will typically be set to an instance of the <code>contrib.auth</code> package's <code>User</code> class.</p>
<p>The <code>request.auth</code> property is used for any additional authentication information, for example, it may be used to represent an authentication token that the request was signed with.</p>
<hr />
<p><strong>Note:</strong> Don't forget that <strong>authentication by itself won't allow or disallow an incoming request</strong>, it simply identifies the credentials that the request was made with.</p>
-<p>For information on how to setup the permission polices for your API please see the <a href="permissions.html">permissions documentation</a>.</p>
+<p>For information on how to setup the permission polices for your API please see the <a href="permissions">permissions documentation</a>.</p>
<hr />
<h2 id="how-authentication-is-determined">How authentication is determined</h2>
<p>The authentication schemes are always defined as a list of classes. REST framework will attempt to authenticate with each class in the list, and will set <code>request.user</code> and <code>request.auth</code> using the return value of the first class that successfully authenticates.</p>
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-01 10:16:05 +0000