From 1e83b60a43c26db921d6910092362feb3a76500d Mon Sep 17 00:00:00 2001
From: Stephan Groß
Date: Wed, 14 Nov 2012 18:00:59 +0100
Subject: added description how to use the auth token

---
 docs/api-guide/authentication.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'docs/api-guide/authentication.md')

diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index 3137b9d4..cb1e2645 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -97,6 +97,21 @@ If successfully authenticated, `TokenAuthentication` provides the following cred
 
 **Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https` only.
 
+If you want every user to have an automatically generated Token, you can simply catch the User's `post_save` signal.
+
+    @receiver(post_save, sender=User)
+    def create_auth_token(sender, instance=None, created=False, **kwargs):
+        if created:
+            Token.objects.create(user=instance)
+
+If you've already created some User`'s, you can run a script like this.
+
+    from django.contrib.auth.models import User
+    from rest_framework.authtoken.models import Token
+
+    for user in User.objects.all():
+        Token.objects.get_or_create(user=user)
+
 ## OAuthAuthentication
 
 This policy uses the [OAuth 2.0][oauth] protocol to authenticate requests.  OAuth is appropriate for server-server setups, such as when you want to allow a third-party service to access your API on a user's behalf.
-- 
cgit v1.2.3


From eb20b5663e68ce01453eeb855922874001f42d0f Mon Sep 17 00:00:00 2001
From: Rob Romano
Date: Tue, 13 Nov 2012 15:03:42 -0800
Subject: Added documentation on how to use the token authentication login
 view.

---
 docs/api-guide/authentication.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'docs/api-guide/authentication.md')

diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index cb1e2645..a55059a8 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -112,6 +112,21 @@ If you've already created some User`'s, you can run a script like this.
     for user in User.objects.all():
         Token.objects.get_or_create(user=user)
 
+When using TokenAuthentication, it may be useful to add a login view for clients to retrieve the token. 
+
+REST framework provides a built-in login view. To use it, add a pattern to include the token login view for clients as follows:
+
+    urlpatterns += patterns('',
+        url(r'^api-token-auth/', include('rest_framework.authtoken.urls',
+                                         namespace='rest_framework'))
+    )
+
+The `r'^api-token-auth/'` part of pattern can actually be whatever URL you want to use.  The only restriction is that the included urls must use the `'rest_framework'` namespace.  
+
+The authtoken login view will render a JSON response when a valid `username` and `password` fields are POST'ed to the view using forms or JSON:
+
+	 { 'token' : '9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b' }
+
 ## OAuthAuthentication
 
 This policy uses the [OAuth 2.0][oauth] protocol to authenticate requests.  OAuth is appropriate for server-server setups, such as when you want to allow a third-party service to access your API on a user's behalf.
-- 
cgit v1.2.3


From 321ba156ca45da8a4b3328c4aec6a9235f32e5f8 Mon Sep 17 00:00:00 2001
From: Rob Romano
Date: Tue, 13 Nov 2012 16:49:13 -0800
Subject: Renamed AuthTokenView to ObtainAuthToken, added obtain_auth_token
 var, updated tests & docs. Left authtoken.urls in place as example.

---
 docs/api-guide/authentication.md | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'docs/api-guide/authentication.md')

diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index a55059a8..a30bd22c 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -114,18 +114,15 @@ If you've already created some User`'s, you can run a script like this.
 
 When using TokenAuthentication, it may be useful to add a login view for clients to retrieve the token. 
 
-REST framework provides a built-in login view. To use it, add a pattern to include the token login view for clients as follows:
+REST framework provides a built-in login view for clients to retrieve the token called `rest_framework.authtoken.obtain_auth_token`. To use it, add a pattern to include the token login view for clients as follows:
 
     urlpatterns += patterns('',
-        url(r'^api-token-auth/', include('rest_framework.authtoken.urls',
-                                         namespace='rest_framework'))
+        url(r'^api-token-auth/', 'rest_framework.authtoken.obtain_auth_token')
     )
 
-The `r'^api-token-auth/'` part of pattern can actually be whatever URL you want to use.  The only restriction is that the included urls must use the `'rest_framework'` namespace.  
+The `r'^api-token-auth/'` part of pattern can actually be whatever URL you want to use. The authtoken login view will render a JSON response when a valid `username` and `password` fields are POST'ed to the view using forms or JSON:
 
-The authtoken login view will render a JSON response when a valid `username` and `password` fields are POST'ed to the view using forms or JSON:
-
-	 { 'token' : '9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b' }
+    { 'token' : '9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b' }
 
 ## OAuthAuthentication
 
-- 
cgit v1.2.3


From ce5b186ca869b693c945200581ba893123a63ce8 Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Mon, 19 Nov 2012 21:42:33 +0000
Subject: Docs tweaks.

---
 docs/api-guide/authentication.md | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

(limited to 'docs/api-guide/authentication.md')

diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index a30bd22c..05575f57 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -68,7 +68,7 @@ This policy uses [HTTP Basic Authentication][basicauth], signed against a user's
 
 If successfully authenticated, `BasicAuthentication` provides the following credentials.
 
-* `request.user` will be a `django.contrib.auth.models.User` instance.
+* `request.user` will be a Django `User` instance.
 * `request.auth` will be `None`.
 
 **Note:** If you use `BasicAuthentication` in production you must ensure that your API is only available over `https` only.  You should also ensure that your API clients will always re-request the username and password at login, and will never store those details to persistent storage.
@@ -92,7 +92,7 @@ For clients to authenticate, the token key should be included in the `Authorizat
 
 If successfully authenticated, `TokenAuthentication` provides the following credentials.
 
-* `request.user` will be a `django.contrib.auth.models.User` instance.
+* `request.user` will be a Django `User` instance.
 * `request.auth` will be a `rest_framework.tokenauth.models.BasicToken` instance.
 
 **Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https` only.
@@ -104,7 +104,7 @@ If you want every user to have an automatically generated Token, you can simply
         if created:
             Token.objects.create(user=instance)
 
-If you've already created some User`'s, you can run a script like this.
+If you've already created some User's, you can run a script like this.
 
     from django.contrib.auth.models import User
     from rest_framework.authtoken.models import Token
@@ -112,26 +112,29 @@ If you've already created some User`'s, you can run a script like this.
     for user in User.objects.all():
         Token.objects.get_or_create(user=user)
 
-When using TokenAuthentication, it may be useful to add a login view for clients to retrieve the token. 
-
-REST framework provides a built-in login view for clients to retrieve the token called `rest_framework.authtoken.obtain_auth_token`. To use it, add a pattern to include the token login view for clients as follows:
+When using TokenAuthentication, you may want to provide a mechanism for clients to obtain a token, given the username and password. 
+REST framework provides a built-in view to provide this behavior.  To use it, add the `obtain_auth_token` view to your URLconf:
 
     urlpatterns += patterns('',
         url(r'^api-token-auth/', 'rest_framework.authtoken.obtain_auth_token')
     )
 
-The `r'^api-token-auth/'` part of pattern can actually be whatever URL you want to use. The authtoken login view will render a JSON response when a valid `username` and `password` fields are POST'ed to the view using forms or JSON:
+The `r'^api-token-auth/'` part of pattern can actually be whatever URL you want to use.
+
+The `obtain_auth_token` view will render a JSON response when a valid `username` and `password` fields are POST'ed to the view using form data or JSON:
 
     { 'token' : '9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b' }
 
+<!--
 ## OAuthAuthentication
 
 This policy uses the [OAuth 2.0][oauth] protocol to authenticate requests.  OAuth is appropriate for server-server setups, such as when you want to allow a third-party service to access your API on a user's behalf.
 
 If successfully authenticated, `OAuthAuthentication` provides the following credentials.
 
-* `request.user` will be a `django.contrib.auth.models.User` instance.
+* `request.user` will be a Django `User` instance.
 * `request.auth` will be a `rest_framework.models.OAuthToken` instance.
+-->
 
 ## SessionAuthentication
 
@@ -139,7 +142,7 @@ This policy uses Django's default session backend for authentication.  Session a
 
 If successfully authenticated, `SessionAuthentication` provides the following credentials.
 
-* `request.user` will be a `django.contrib.auth.models.User` instance.
+* `request.user` will be a Django `User` instance.
 * `request.auth` will be `None`.
 
 # Custom authentication
-- 
cgit v1.2.3


From a44a94dd6ea2d9497264e267a0354cb684d398f6 Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Mon, 19 Nov 2012 22:08:38 +0000
Subject: More docs tweaking.

---
 docs/api-guide/authentication.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'docs/api-guide/authentication.md')

diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index 05575f57..8ed6ef31 100644
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -104,7 +104,7 @@ If you want every user to have an automatically generated Token, you can simply
         if created:
             Token.objects.create(user=instance)
 
-If you've already created some User's, you can run a script like this.
+If you've already created some users, you can generate tokens for all existing users like this:
 
     from django.contrib.auth.models import User
     from rest_framework.authtoken.models import Token
@@ -112,16 +112,16 @@ If you've already created some User's, you can run a script like this.
     for user in User.objects.all():
         Token.objects.get_or_create(user=user)
 
-When using TokenAuthentication, you may want to provide a mechanism for clients to obtain a token, given the username and password. 
+When using `TokenAuthentication`, you may want to provide a mechanism for clients to obtain a token given the username and password. 
 REST framework provides a built-in view to provide this behavior.  To use it, add the `obtain_auth_token` view to your URLconf:
 
     urlpatterns += patterns('',
         url(r'^api-token-auth/', 'rest_framework.authtoken.obtain_auth_token')
     )
 
-The `r'^api-token-auth/'` part of pattern can actually be whatever URL you want to use.
+Note that the URL part of the pattern can be whatever you want to use.
 
-The `obtain_auth_token` view will render a JSON response when a valid `username` and `password` fields are POST'ed to the view using form data or JSON:
+The `obtain_auth_token` view will return a JSON response when valid `username` and `password` fields are POSTed to the view using form data or JSON:
 
     { 'token' : '9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b' }
 
-- 
cgit v1.2.3