Django : DRF Token based Authentication VS JSON Web Token

django json rest django-rest-framework tastypie

They both carrying out similar tasks with few differences.

Token

DRF's builtin Token Authentication

One Token for all sessions
No time stamp on the token

DRF JWT Token Authentication

One Token per session
Expiry timestamp on each token

Database access

DRF's builtin Token Authentication

Database access to fetch the user associated with the token
Verify user's status
Authenticate the user

DRF JWT Token Authentication

Decode token (get payload)
Verify token timestamp (expiry)
Database access to fetch user associated with the id in the payload
Verify user's status
Authenticate the user

Pros

DRF's builtin Token Authentication

Allows forced-logout by replacing the token in the database (ex: password change)

DRF JWT Token Authentication

Token with an expiration time
No database hit unless the token is valid

Cons

DRF's builtin Token Authentication

Database hit on all requests
Single token for all sessions

DRF JWT Token Authentication

Unable to recall the token without tracking it in the database
Once the token is issued, anyone with the token can make requests
Specs are open to interpretations, no consensus on how to do refresh

Related

Recent Posts

org.apache.kafka.common.errors.TimeoutException: Topic not present in metadata after 60000 ms

Why my code runs infinite time when i entered non integer type in c++ [duplicate]

How to retrieve Instagram username from User ID?

Serverless Framework - Variables resolution error

How do we access a file in github repo inside our azure databricks notebook