rest_framework.authentication

Provides various authentication policies.

Module Contents

get_authorization_header(request)

Return request’s ‘Authorization:’ header, as a bytestring.

Hide some test client ickyness where the header can be unicode.

class CSRFCheck

Bases:django.middleware.csrf.CsrfViewMiddleware

_reject(self, request, reason)
class BaseAuthentication

Bases:object

All authentication classes should extend BaseAuthentication.

authenticate(self, request)

Authenticate the request and return a two-tuple of (user, token).

authenticate_header(self, request)

Return a string to be used as the value of the WWW-Authenticate header in a 401 Unauthenticated response, or None if the authentication scheme should return 403 Permission Denied responses.

class BasicAuthentication

Bases:rest_framework.authentication.BaseAuthentication

HTTP Basic authentication against username/password.

www_authenticate_realm = api
authenticate(self, request)

Returns a User if a correct username and password have been supplied using HTTP Basic authentication. Otherwise returns None.

authenticate_credentials(self, userid, password, request=None)

Authenticate the userid and password against username and password with optional request for context.

authenticate_header(self, request)
class SessionAuthentication

Bases:rest_framework.authentication.BaseAuthentication

Use Django’s session framework for authentication.

authenticate(self, request)

Returns a User if the request session currently has a logged in user. Otherwise returns None.

enforce_csrf(self, request)

Enforce CSRF validation for session based authentication.

class TokenAuthentication

Bases:rest_framework.authentication.BaseAuthentication

Simple token based authentication.

Clients should authenticate by passing the token key in the “Authorization” HTTP header, prepended with the string “Token “. For example:

Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a
keyword = Token
model
get_model(self)
authenticate(self, request)
authenticate_credentials(self, key)
authenticate_header(self, request)
class RemoteUserAuthentication

Bases:rest_framework.authentication.BaseAuthentication

REMOTE_USER authentication.

To use this, set up your web server to perform authentication, which will set the REMOTE_USER environment variable. You will need to have ‘django.contrib.auth.backends.RemoteUserBackend in your AUTHENTICATION_BACKENDS setting

header = REMOTE_USER
authenticate(self, request)