WEBVTT

00:00.360 --> 00:02.790
So what is token authentication?

00:02.850 --> 00:09.600
Basically, what token authentication is, is let's say that I as a user, Nick, want to use the Zappy

00:09.600 --> 00:15.930
Code API rather than sending my username and password every time, which we talked about before.

00:16.230 --> 00:18.660
You could be exposed if it's not over HTTPS.

00:19.060 --> 00:24.570
Yes, but even if it is, it's, you know, maybe not going to be stored in the exact right place inside

00:24.570 --> 00:27.090
of somebody's app. Rather than that,

00:27.120 --> 00:30.270
what we can do is I can make a quote unquote login

00:30.600 --> 00:31.200
URL.

00:31.230 --> 00:33.930
Maybe we should call it the token generator, whatever it is.

00:33.960 --> 00:41.610
But at one time the user can pass, via the API, their username and password, and they get back from

00:41.610 --> 00:45.900
the server a token, which is just a random string of letters and numbers.

00:45.930 --> 00:51.720
It's not exactly random, but it's a specific string of letters and numbers assigned to that user that

00:51.720 --> 00:58.500
says any time someone wants to interact with the API, if they give us a token, we'll take that token,

00:58.770 --> 01:05.370
look up who it belongs to, and then we will do things on behalf of that particular user. In my opinion,

01:05.730 --> 01:11.280
it's a much better way to roll, because if, you know, some hacker somehow finds that token, yes,

01:11.610 --> 01:14.850
they could do things for that user on their behalf.

01:14.880 --> 01:20.190
But then you, as the owner of the Django project, you could, you know, shut down that particular

01:20.190 --> 01:22.230
token if you realize that it's been stolen.

01:22.800 --> 01:27.750
But, you know, a token gets the user, or a hacker, access to an API.

01:28.020 --> 01:33.750
It does not give them that user's password, which, if that user has used that same password for maybe

01:33.750 --> 01:37.950
their email or other services, could really get into a tricky situation.

01:37.980 --> 01:44.220
So in my opinion, this is just the better way to work with API authentication.

01:44.370 --> 01:49.320
So enough of me blabbing about this, let's talk about how we can actually implement this in

01:49.320 --> 01:49.890
the project.

01:50.040 --> 01:56.030
So let's go to our settings.py and let's go ahead and scroll down to our installed apps.

01:56.040 --> 01:57.720
We are adding yet another.

01:58.190 --> 02:01.710
So copy the rest_framework one and just add, after rest_framework,

02:01.800 --> 02:04.680
rest_framework.authtoken.

02:05.110 --> 02:05.300
OK.

02:05.820 --> 02:09.960
So we're gonna go ahead and save the settings file with this.

02:09.990 --> 02:15.600
This does add a new item into our database, and that's basically a place to store these tokens.

02:15.960 --> 02:17.970
So let's go ahead and go to our terminal.

02:18.730 --> 02:21.030
Let's go to the tab where our server is running and you'll notice,

02:21.030 --> 02:23.890
hey, look, you have some migrations you've got to do. So

02:23.890 --> 02:25.830
we're going to do a Ctrl-C to stop the server.

02:26.370 --> 02:29.070
And then I'm gonna say that I want to migrate.

02:29.810 --> 02:30.160
OK.

02:30.780 --> 02:35.580
It does those migrations for me and I'm gonna go back to running the server.

02:35.730 --> 02:38.250
And in fact, so that you'll be able to see what this looks like,

02:39.270 --> 02:41.340
let's go ahead and create a superuser.

02:41.760 --> 02:43.250
So I'm going to do manage.py

02:43.350 --> 02:46.560
createsuperuser.

02:47.610 --> 02:50.210
And I'm going to make a username of admin.

02:50.970 --> 02:53.040
And we don't need an email.

02:53.160 --> 02:55.050
We'll do our classic password.

02:56.910 --> 02:57.930
That's very common.

02:57.960 --> 02:58.830
Yes, that's OK.

02:58.890 --> 03:03.690
So now we have the superuser, so on the admin side we can go see what one of these tokens looks like.

03:03.960 --> 03:04.280
OK.

03:04.770 --> 03:05.820
So we've got that.

03:05.850 --> 03:08.220
Let's go back to running the server here.

03:09.030 --> 03:09.540
Awesome.

03:10.200 --> 03:13.400
OK, let's go to our settings.py file.

03:13.410 --> 03:15.210
We have to add a little bit more here.

03:15.210 --> 03:19.650
So we're going to do an all-caps REST_FRAMEWORK.

03:21.000 --> 03:21.270
OK.

03:21.330 --> 03:26.940
And we're going to say that this is equal to curly brackets, and inside the curly brackets here

03:27.000 --> 03:27.870
we're gonna tab over.

03:27.870 --> 03:29.520
Let's do a string that,

03:30.030 --> 03:30.690
stay with me,

03:30.720 --> 03:31.950
we're gonna do a bit of typing here.

03:31.950 --> 03:33.030
We want all caps:

03:33.540 --> 03:34.470
DEFAULT

03:35.850 --> 03:42.570
_AUTHENTICATION_CLASSES.

03:44.180 --> 03:53.810
And then we are going to do a colon, and then inside of that we are going to do a list

03:53.810 --> 03:54.140
here.

03:54.170 --> 03:56.000
But we're only providing one object.

03:56.030 --> 04:09.650
And inside of here it is rest_framework.authentication.TokenAuthentication, with a capital T and a capital A.

04:10.250 --> 04:11.030
Just like that.

04:11.210 --> 04:12.530
And we'll do our trailing comma.

04:12.680 --> 04:17.270
So basically this says the default for any of these, you know, calls here,

04:17.270 --> 04:21.500
we want to use token authentication to make sure that this is an actual user.

04:21.770 --> 04:27.700
If someone's going to require, for example, if you go to our views here, anywhere that we say that

04:27.710 --> 04:32.780
we want to make sure that someone is authenticated, it's going to be using the token authentication,

04:32.870 --> 04:34.620
which is perfect for us.

04:34.720 --> 04:40.250
Okay, so now that we have this in place, it would be great when someone signs up that we actually

04:40.250 --> 04:46.460
go ahead and pass them a token rather than just this random one that I created here. It would be great to

04:46.460 --> 04:47.100
do the real one.

04:47.120 --> 04:47.390
Right.

04:47.750 --> 04:52.280
So what we need to do is import the code for our token.

04:52.730 --> 04:54.950
So we're gonna go ahead and scroll up a little bit here.

04:54.950 --> 05:00.170
We're going to do from, and we want to do rest_framework

05:00.970 --> 05:06.570
.authtoken.models,

05:07.430 --> 05:09.850
and then we want to import capital-T Token.

05:11.780 --> 05:16.610
So once we have that in place, after we've saved our particular user, let's go ahead and create a

05:16.610 --> 05:21.020
token object by saying token is equal to capital-T Token,

05:21.980 --> 05:27.620
and this is where we want to do .objects.create.

05:28.340 --> 05:33.530
And we just want to say that the user object is equal to that user that we just created here.

05:33.620 --> 05:37.940
So this will do all the work for us of, you know, properly saving this for us and whatnot.

05:38.300 --> 05:43.330
And with this token, we can pass it back via the API; we just have to convert it to a string.

05:43.330 --> 05:47.110
So we're going to do str(token), just like that.

05:48.440 --> 05:53.780
So really, that's all that we'd need in order to generate these tokens and assign them to a particular

05:53.780 --> 05:54.050
user.

05:54.050 --> 05:57.200
So we're going to go ahead and save what we have here.

05:57.740 --> 05:58.160
All right.

05:58.520 --> 06:02.840
And let's go ahead and go back to our terminal and let's go make a new user.

06:02.870 --> 06:09.750
So let's go ahead and add a completely new user, like let's do Nick six, for example, and look at

06:09.760 --> 06:09.960
that.

06:10.190 --> 06:14.720
When we say token, we get back this really long string of letters and numbers.

06:15.230 --> 06:18.190
And if we go, I think this is what makes this really cool,

06:18.200 --> 06:23.410
if we go check out the admin side of our project, we're going to do localhost/admin.

06:24.140 --> 06:26.720
And I have to log in as an admin user.

06:27.410 --> 06:29.060
It's that password that we created.

06:29.540 --> 06:29.720
Right.

06:29.750 --> 06:30.920
This is the one that we did.

06:31.010 --> 06:33.290
Remember, we did createsuperuser.

06:33.710 --> 06:36.100
And we did the password and all that good stuff.

06:36.110 --> 06:36.350
Right.

06:36.770 --> 06:39.560
If we look now, we have these tokens here.

06:39.590 --> 06:44.420
And if we look at that, look, there's that big long token, and we see that this belongs to this user.

06:44.870 --> 06:47.300
So this is all that's stored inside of the database:

06:47.750 --> 06:51.230
the token, or the key, whatever you want to call it here,

06:51.410 --> 06:53.690
what user it belongs to, and when it was created.

06:53.990 --> 06:54.440
That's it.

06:54.620 --> 06:58.430
That's everything that's stored for this particular token thing.

06:58.430 --> 07:03.980
It's very simple, but it's very powerful, because someone can pass us this random string of letters and

07:03.980 --> 07:10.190
numbers, and we know that it's connected with Nick six, like it has to be connected with them.

07:10.580 --> 07:15.290
So let's go ahead and test and see if we can get this working in the next lecture.