aboutsummaryrefslogtreecommitdiffstats
path: root/api-guide/authentication.html
diff options
context:
space:
mode:
Diffstat (limited to 'api-guide/authentication.html')
-rw-r--r--api-guide/authentication.html3
1 files changed, 3 insertions, 0 deletions
diff --git a/api-guide/authentication.html b/api-guide/authentication.html
index f99b8a2c..2265deb1 100644
--- a/api-guide/authentication.html
+++ b/api-guide/authentication.html
@@ -186,6 +186,7 @@
<li><a href="#django-oauth-toolkit">Django OAuth Toolkit</a></li>
<li><a href="#django-oauth2-consumer">Django OAuth2 Consumer</a></li>
<li><a href="#json-web-token-authentication">JSON Web Token Authentication</a></li>
+<li><a href="#http-signature-authentication">HTTP Signature Authentication</a></li>
<div>
@@ -481,6 +482,8 @@ class ExampleAuthentication(authentication.BaseAuthentication):
<p>The <a href="https://github.com/Rediker-Software/doac">Django OAuth2 Consumer</a> library from <a href="https://github.com/Rediker-Software">Rediker Software</a> is another package that provides <a href="https://github.com/Rediker-Software/doac/blob/master/docs/integrations.md#">OAuth 2.0 support for REST framework</a>. The package includes token scoping permissions on tokens, which allows finer-grained access to your API.</p>
<h2 id="json-web-token-authentication">JSON Web Token Authentication</h2>
<p>JSON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. <a href="https://github.com/GetBlimp">Blimp</a> maintains the <a href="https://github.com/GetBlimp/django-rest-framework-jwt">djangorestframework-jwt</a> package which provides a JWT Authentication class as well as a mechanism for clients to obtain a JWT given the username and password.</p>
+<h2 id="http-signature-authentication">HTTP Signature Authentication</h2>
+<p>HTTP Signature (currently a <a href="https://datatracker.ietf.org/doc/draft-cavage-http-signatures/">IETF draft</a>) provides a way to achieve origin authentication and message integrity for HTTP messages. Similar to <a href="http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Amazon's HTTP Signature scheme</a>, used by many of its services, it permits stateless, per-request authentication. <a href="https://github.com/etoccalino/">Elvio Toccalino</a> maintains the <a href="https://github.com/etoccalino/django-rest-framework-httpsignature">djangorestframework-httpsignature</a> package which provides an easy to use HTTP Signature Authentication mechanism.</p>
</div><!--/span-->
</div><!--/row-->
</div><!--/.fluid-container-->
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-01 06:16:05 +0000