Why is auth token saved in database?

[Bảo Phạm]

Hi everyone! I've just have read Django rest framework source code and I have no idea why auth token save in database. Im a bit confused because many article said that token only save in frontend and backend only decrypt the token to get the user's information. Could you tell me why they implement like that? And is that the same as session auth (both saved in database)?

Sincerely,

Bao

[Prabu Rocking]

I think you are talking about JWT(JSON Web Token) where the required information are encrypted and send to the client and the client has to send the token along with every request and the server will decrypt the token and get the information from it.

but the authentication in DRF is token-based authentication where token is generated and stored in both server and client side the client has to send request along with the token and the server verify the token against the token that it has in the DB.