Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

Python Django REST Framework Security and Customization Token Authentication

Adam Cameron
seal-mask
.a{fill-rule:evenodd;}techdegree seal-36
Adam Cameron
Python Web Development Techdegree Graduate 16,731 Points

Why don't we "have" the token after Kenneth creates it in the shell?

Kenneth adjusts the settings to enable token-based authentication and manually creates a token with the shell. My question is, if the token can only be created by passing a User to the call to Token.objects.create(), then why don't we "have" the token a minute later when Kenneth wants to see "auth required" features? Shouldn't Django see that the logged-in user is associated with this token? What am I missing here?

1 Answer

Chris Howell
seal-mask
.a{fill-rule:evenodd;}techdegree seal-36
Chris Howell
Python Web Development Techdegree Graduate 49,610 Points

Hey Adam Cameron

So in that video around the time 2:30 time marker. Kenneth says the following before he starts typing the shell way of generating a Token.

Now, normally if you were doing this, you would have something set up to where you automatically created a token whenever a user signed up. I don't have that set up at the moment.

Now I am not sure why only the shell aspect was covered, it seems like this detail could of been overlooked or maybe intentionally missed so it would force you to seek out the documentation. Assuming you are attempting this in your own environment with your own updated dependencies than what was used in the workspaces.

Read through this section of the Django Rest Framework (DRF) docs: DRF Authentication: Generating Tokens

These show the Django ways of implementing token auth. Take note of the examples, but mostly concentrate on the text explanations. They help sort out the why you might use it or bring more depth forward.