0

I figured out that django-auth hashes passwords per default with random salt in the background: https://docs.djangoproject.com/en/2.1/topics/auth/passwords/

However, I am not quite sure yet, what's the difference between django-auth and django-rest-auth.

And I could not find information whether django-rest-auth will also hash and salt passwords automatically.

Could someone explain what exactly the differences are between django-auth and django-rest-auth, when to choose which and why there are two libraries for the same problem?

It is quite confusing for me as a beginner.

Improve this question

1 Answer 1

Reset to default
1

django-rest-auth's documentation explains the purpose of the project pretty well:

Since the introduction of django-rest-framework, Django apps have been able to serve up app-level REST API endpoints. As a result, we saw a lot of instances where developers implemented their own REST registration API endpoints here and there, snippets, and so on. We aim to solve this demand by providing django-rest-auth, a set of REST API endpoints to handle User Registration and Authentication tasks. By having these API endpoints, your client apps such as AngularJS, iOS, Android, and others can communicate to your Django backend site independently via REST APIs for User Management. Of course, we’ll add more API endpoints as we see the demand.

The project exists to provide a set of common API endpoints for authentication. It doesn't handle authentication tasks itself, so it doesn't have to worry about things like password hashing.

For example, its PasswordChangeSerializer uses the SetPasswordForm from django.contrib.auth. It gets to use all the good stuff that Django's built-in auth framework provides.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you very much, this clarifies many things for me! So I can basically say that the django-rest-framework or better, django-rest-auth uses django-auth behind the scenes without me having to worry about it?
@ElectRocnic, by default, yes. You can override a bunch of stuff if you really want to but out of the box it exposes Django's built-in auth over API endpoints.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.