DRF - Which Authentication to use?

[Nabeel Valapra]

I have prior experience in Django. Recently I got a project to build in REST architecture. I learned the basics of Django Rest Framework. But I am stuck with the authentication system.

I planned serve my frontend in anguarjs an host it on app.mydomain.com, and the DRF on api.mydomain.com. So all the end application (android, IOS) can pull the the data from api.mydomain.com

Here I don't want to use session authentication system, it doesn't play nice with CORS. I am more interested on JSONWebToken than Token Based Authentication because its signed and allows refresh token option too.

But, 1. How do I invalidate the existing tokens on password change? 2. How to destroy the token in a mobile lost scenario?

Is there any better authentication solution?

[Filipe Ximenes]

This is an interesting question. This question enlights some possibilities: http://stackoverflow.com/questions/21978658/invalidating-json-web-tokens
But none of then gives is a definitive solution. Does anyone have other ideas about the subject?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fabc7ac3-7343-48dc-8cfe-db909a5d6795%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.