1

I want to create a login form for users to sign into a django site. The site is set up using django rest framework and I am considering having the login form make a request through the site's api.

In the past I have just used a standard django form for user logins. I am concerned that if the new login form sends the request through the site's API instead, there might be a security vulnerability of some sort. However I don't know if this is true, or what the issue with security might actually be.

Should I stick with django forms for authenticating users? Or is it safe to sign users in through the api?

Improve this question
0

1 Answer 1

Reset to default
1

Keep in mind using a Django form will only allow you to use SessionAuthentication under DRF - more notes here. Short of it is to use the Django LoginViews when creating login pages, and the notes on using CSRF tokens if you do use Session Auth with DRF. http://www.django-rest-framework.org/api-guide/authentication/#sessionauthentication

How is the rest of the site set up? Is it an single page app that just happens to be using DRF?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.