Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Python Django REST Framework Security and Customization Token Authentication

Adam Cameron
seal-mask
.a{fill-rule:evenodd;}techdegree seal-36
Adam Cameron
Python Web Development Techdegree Graduate 16,731 Points

Why don't we "have" the token after Kenneth creates it in the shell?

Kenneth adjusts the settings to enable token-based authentication and manually creates a token with the shell. My question is, if the token can only be created by passing a User to the call to Token.objects.create(), then why don't we "have" the token a minute later when Kenneth wants to see "auth required" features? Shouldn't Django see that the logged-in user is associated with this token? What am I missing here?

1 Answer

Chris Howell
seal-mask
.a{fill-rule:evenodd;}techdegree seal-36
Chris Howell
Python Web Development Techdegree Graduate 49,702 Points

Hey Adam Cameron

So in that video around the time 2:30 time marker. Kenneth says the following before he starts typing the shell way of generating a Token.

Now, normally if you were doing this, you would have something set up to where you automatically created a token whenever a user signed up. I don't have that set up at the moment.

Now I am not sure why only the shell aspect was covered, it seems like this detail could of been overlooked or maybe intentionally missed so it would force you to seek out the documentation. Assuming you are attempting this in your own environment with your own updated dependencies than what was used in the workspaces.

Read through this section of the Django Rest Framework (DRF) docs: DRF Authentication: Generating Tokens

These show the Django ways of implementing token auth. Take note of the examples, but mostly concentrate on the text explanations. They help sort out the why you might use it or bring more depth forward.