DEV Community

Billy Okeyo
Billy Okeyo

Posted on • Originally published at billyokeyo.com on

API Authentication with Django Rest Knox

Authentication is a crucial part of any web application. It involves the process of verifying the identity of a user, ensuring that only authorized users can access the application’s resources. Django is a powerful web framework for Python, and Django Knox is a powerful library for handling authentication in Django. In this article, we will explore how to implement authentication using Django Knox.

Django Knox provides a simple, easy-to-use API for authentication in Django. It uses JSON Web Tokens (JWT) to authenticate users, and it provides a number of features that make it ideal for web applications. For example, JWTs are stateless, which means that they do not require a server-side session, making them ideal for use in web applications that need to scale.

To implement authentication in Django using Django Knox, you will need to install the Django Knox library and configure it in your Django project. You will also need to create a Django model for your users, and you will need to configure Django to use Knox as your authentication backend.

Once you have installed and configured Django Knox, you can implement authentication by creating a view for authentication. This view will take in a username and password, and it will use the Django Knox library to generate a JWT for the user. You can then store this JWT in your client-side application, and use it to make authenticated API requests to your Django application.

When a user makes an authenticated API request to your Django application, you will need to validate the JWT that is included in the request. To do this, you will use the Django Knox library to parse the JWT, and you will use the data contained in the JWT to look up the user in your database. If the user is found and the JWT is valid, you will allow the user to access the requested resource.

Django Knox provides a simple, easy-to-use API for authentication in Django. To set it up, you need to follow the following steps:

Install Django Knox: To install Django Knox, you need to run the following command in your terminal:

pip install django-knox

Enter fullscreen mode Exit fullscreen mode

Next we add knox to your INSTALLED_APPS list: In your Django settings.py file, add knox to your INSTALLED_APPS list:

INSTALLED_APPS = [
    # ...
    'knox',
    # ...
]

Enter fullscreen mode Exit fullscreen mode

We can go ahead and add knox URLs to your urls.py file: To add knox URLs to your urls.py file, you need to add the following code:

from django.urls import path
from knox import views as knox_views

urlpatterns = [
    # ...
    path('api/auth', include('knox.urls')),
    path('api/auth/logout', knox_views.LogoutView.as_view(), name='knox_logout'),
    path('api/auth/logout/all', knox_views.LogoutAllView.as_view(), name='knox_logout_all'),
    # ...
]

Enter fullscreen mode Exit fullscreen mode

After we are done setting up knox, we now need to create a Django Model for your users: To create a Django Model for your users, you can skip this if you had already created this or you adding knox to an already built project. You need to add the following code to your models.py file:

from django.contrib.auth.models import User

class User(models.Model):
    # ...
    username = models.CharField(max_length=100, unique=True)
    password = models.CharField(max_length=100)
    # ...

Enter fullscreen mode Exit fullscreen mode

Next, configure Django to use Knox as your authentication backend: To configure Django to use Knox as your authentication backend, you need to add the following code to your settings.py file:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ('knox.auth.TokenAuthentication',),
}

Enter fullscreen mode Exit fullscreen mode

We now need to create a view for authentication: To create a view for authentication, you need to add the following code to your views.py file:

from django.contrib.auth import authenticate
from knox.models import AuthToken
from rest_framework import generics
from rest_framework.response import Response

class LoginAPI(generics.GenericAPIView):
    authentication_classes = []
    permission_classes = []

    def post(self, request, *args, **kwargs):
        username = request.data.get("username")
        password = request.data.get("password")
        user = authenticate(username=username, password=password)
        if user is not None:
            return Response({
                "user": UserSerializer(user, context=self.get_serializer_context()).data,
                "token": AuthToken.objects.create(user)[1]
            })
        else:
            return Response({"error": "Invalid credentials"})

Enter fullscreen mode Exit fullscreen mode

Next, we implement authentication: To implement authentication, you need to make a POST request to the /api/auth/login endpoint with your username and password as JSON data in the request body. For example, using Python Requests library:

import requests

url = "http://localhost:8000/api/auth/login"
data = {"username": "your_username", "password": "your_password"}

response = requests.post(url, json=data)

if response.status_code == 200:
    print(response.json())
else:
    print("Failed to login.")

Enter fullscreen mode Exit fullscreen mode

In the response, you will receive a JSON object with the user data and the authentication token. You can use this token in the Authorization header for all subsequent requests, to authenticate the user. For example:

headers = {
    "Authorization": f"Token {response.json()['token']}"
}

response = requests.get("http://localhost:8000/api/protected_endpoint", headers=headers)
print(response.json())

Enter fullscreen mode Exit fullscreen mode

With these steps, you can now add authentication to your Django applications using Django Knox. To logout a user, you can make a POST request to the /api/auth/logout endpoint. To logout all sessions of a user, you can make a POST request to the /api/auth/logout/all endpoint.

In conclusion, authentication is a crucial part of any web application, and Django Knox provides a simple, easy-to-use API for authentication in Django. With Django Knox, you can implement authentication by creating a view for authentication, storing JWTs in your client-side application, and validating JWTs when users make authenticated API requests. Whether you are building a simple web application or a complex web application, Django Knox provides the tools you need to handle authentication with ease.

Top comments (2)

Collapse
 
karen20210 profile image
Some
INSTALLED_APPS = (
  ...
  'rest_framework',
  'knox',
  ...
)
Enter fullscreen mode Exit fullscreen mode
Collapse
 
karen20210 profile image
Some

pip install django-knox

There are no module django-knox

maybe you mean pip install django-rest-knox