You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At work django-rest-knox has become a bit of a standard. I don't remember a project where we don't use django-rest-knox. In some projects we've experienced some friction when extending/customizing django-rest-knox, and it comes from 2 places mainly:
1. views.LoginView.post and auth.TokenAuthentication.authenticate_credentials reference AuthToken directly.
So if you want to use a different auth token model you're forced to overwrite those methods entirely.
This could easily be sorted out by adding a model property to LoginView and TokenAuthentication, which allows you to configure the auth token model. TokenAuthentication already have such property, it just doesn't make use of it everywhere.
2. When subclassing AuthToken, Django produces a one-to-one relationship between AuthToken and your custom subclass.
Which means that user.auth_token_set references a queryset of AuthTokens, instead of a queryset of your custom subclass; because the user-token relationship is inherited from AuthToken.
Also easy to solve, by moving the definition of AuthToken to an abstract AbstractAuthToken model, and having AuthToken inherit from it.
I realize that a similar problem was brought up before (#159), and a more ambitious solution was attempted there. The changes I'm proposing are in the same vein, but not as ambitions. I don't think they prevent us from continuing on the more ambitious road in the future. They also don't break the current API at all.
Please let me know what you think.
The text was updated successfully, but these errors were encountered:
Hi. Fantastic job on this project!
At work
django-rest-knoxhas become a bit of a standard. I don't remember a project where we don't usedjango-rest-knox. In some projects we've experienced some friction when extending/customizingdjango-rest-knox, and it comes from 2 places mainly:1.
views.LoginView.postandauth.TokenAuthentication.authenticate_credentialsreferenceAuthTokendirectly.So if you want to use a different auth token model you're forced to overwrite those methods entirely.
This could easily be sorted out by adding a
modelproperty toLoginViewandTokenAuthentication, which allows you to configure the auth token model.TokenAuthenticationalready have such property, it just doesn't make use of it everywhere.2. When subclassing
AuthToken, Django produces a one-to-one relationship betweenAuthTokenand your custom subclass.Which means that
user.auth_token_setreferences a queryset ofAuthTokens, instead of a queryset of your custom subclass; because the user-token relationship is inherited fromAuthToken.Also easy to solve, by moving the definition of
AuthTokento an abstractAbstractAuthTokenmodel, and havingAuthTokeninherit from it.I'm proposing those changes in this MR: #252
I realize that a similar problem was brought up before (#159), and a more ambitious solution was attempted there. The changes I'm proposing are in the same vein, but not as ambitions. I don't think they prevent us from continuing on the more ambitious road in the future. They also don't break the current API at all.
Please let me know what you think.
The text was updated successfully, but these errors were encountered: