Introduction to Custom Authentication
Custom Authentication in Django REST Framework is how you create any type of authentication scheme you want. In fact, in the internals of DRF, you will find that every other authentication scheme I’ve talked about is built using Custom Authentication. So, let’s look at an example of how you would implement something like this.
How to Implement Custom Authentication
WARNING: The example I’m about to show you is VERY VERY bad for security so DON’T use it in production. :)
First, you will need to override the BaseAuthentication class. It looks like this:
I called the new class MyCustomAuthentication. If you look at what this does, it retrieves a username from a GET request parameter and tries to find a user with that username. (You should now understand why this is a stupid example.)
settings.py you’ll want to update the
And that is LITERALLY all you need to do to create a new authentication scheme. Download the custom code below and try going to the following URL:
You should be able to see the data. Also, if you go to:
The authentication scheme should deny you from getting any data at all.
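The scheme described above, next to a header-token variant for contrast, as an added example that is not the author's downloadable code. The base class and exception are stand-ins that mirror DRF's `authenticate(request)` contract so the block runs without Django; `USERS`, `TOKEN_DIGESTS`, `HeaderTokenAuthentication` and `FakeRequest` are hypothetical names with constructed data.

```python
import hashlib

# Stand-ins so this runs without Django installed. In a project, import
# BaseAuthentication from rest_framework.authentication and
# AuthenticationFailed from rest_framework.exceptions instead.
class AuthenticationFailed(Exception):
    pass

class BaseAuthentication:
    def authenticate(self, request):
        raise NotImplementedError

# Constructed data: one user, and the SHA-256 digest of that user's token.
USERS = {"alice"}
TOKEN_DIGESTS = {hashlib.sha256(b"constructed-token-alice").hexdigest(): "alice"}

class MyCustomAuthentication(BaseAuthentication):
    """The scheme the article warns about: the username is the only credential."""
    def authenticate(self, request):
        username = request.query_params.get("username")
        if not username:
            return None  # scheme not attempted; DRF tries the next class
        if username not in USERS:
            raise AuthenticationFailed("No such user")
        return (username, None)  # becomes (request.user, request.auth)

class HeaderTokenAuthentication(BaseAuthentication):
    """Contrast case: the caller must present a secret, not just a name."""
    def authenticate(self, request):
        parts = request.META.get("HTTP_AUTHORIZATION", "").split()
        if not parts or parts[0] != "Token":
            return None
        if len(parts) != 2:
            raise AuthenticationFailed("Malformed Authorization header")
        digest = hashlib.sha256(parts[1].encode()).hexdigest()
        user = TOKEN_DIGESTS.get(digest)  # only digests are stored
        if user is None:
            raise AuthenticationFailed("Invalid token")
        return (user, parts[1])

class FakeRequest:
    """Constructed request exposing only the two attributes used above."""
    def __init__(self, query_params=None, meta=None):
        self.query_params = query_params or {}
        self.META = meta or {}
```
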
- Run the sample code and go to the two URLs above.
- Try to implement your own Session Authentication scheme WITHOUT enforcing CSRF tokens using Custom Authentication. You can see how Session Authentication is implemented here