I looked at two other token-based authentication schemes, django-tokenapi and tastypie. Both seem to tie the user ID into the token authorization header so that only a combined user ID + token key, when found in the table, is a successful authorization.
The current Token model in REST Framework generates a random UUID and hashes it. The chance for collisions seems low.
I like the simplicity of the authtoken.Token model, but is there some chance we might mis-authenticate (by random chance) users by only looking at the hashed random UUID?
Anyone here with experience in the design of a token-based scheme (for mobile apps, for example) have any opinions?
Thanks!
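To make the two designs in the question concrete, here is an added example (not code from REST Framework, django-tokenapi or tastypie): a constructed in-memory token table that stores only a hash of a random version-4 UUID key, with a key-only lookup beside a combined user-ID-plus-key lookup, and a birthday-bound estimate of how likely two issued keys are to collide. The store, the 122-bit entropy figure for a uuid4 and the SHA-256 hashing are assumptions for illustration.

```python
import hashlib
import math
import secrets
import uuid


class TokenStore:
    """Constructed stand-in for a token table: sha256(key) -> user_id."""

    def __init__(self):
        self._by_hash = {}

    @staticmethod
    def _digest(key: str) -> str:
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, user_id: int) -> str:
        # 122 random bits from a CSPRNG, the entropy of a version-4 UUID.
        # Only the hash is stored, so a leaked table does not yield usable keys.
        key = str(uuid.UUID(int=secrets.randbits(128), version=4))
        digest = self._digest(key)
        if digest in self._by_hash:
            raise RuntimeError("duplicate key; issue() again")
        self._by_hash[digest] = user_id
        return key

    def authenticate_by_key(self, key: str):
        # Key-only lookup, as in the simple Token model: the key alone names the user.
        return self._by_hash.get(self._digest(key))

    def authenticate_by_user_and_key(self, user_id: int, key: str):
        # Combined lookup, as in the user-ID-plus-key schemes: a valid key presented
        # with the wrong user ID is rejected rather than mapped to whoever owns it.
        found = self._by_hash.get(self._digest(key))
        return found if found == user_id else None


def collision_probability(n_tokens: int, bits: int = 122) -> float:
    """Birthday bound: chance that any two of n_tokens random keys are equal."""
    exponent = n_tokens * (n_tokens - 1) / (2.0 * 2 ** bits)
    return -math.expm1(-exponent)  # 1 - e^-x, accurate for tiny x


def guess_probability(n_tokens: int, bits: int = 122) -> float:
    """Chance that one uniformly random guess hits any of n_tokens live keys."""
    return n_tokens / 2 ** bits
```

The collision bound says the key space is the limit, not the lookup style; what the combined lookup changes is that a key can never authenticate as anyone other than the user it was issued to.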