Add support for DRF social authentication #3658
Comments
|
I'm -1 on this As the maintainer of SimpleJWT which is what dj rest auth depends on, I don't really like social authentication via SimpleJWT for security reasons on a community scale (many devs do security well; in light of recent events and just historically, and the fact that some devs will gloss over security holes or parts they're unaware of, I'm not advocating for dj rest auth be included in cookiecutter django) I agree the default DRF tokens module isn't great and having SimpleJWT to replace it is nice; however, I would say more people like django oauth toolkit for its complete oauth methods. Because of two diff packages for one common goal, let's also leave the drf token module in place. It's a really quick removal if you don't want it. |
Description
Add support for DRF social authentication
Rationale
https://github.com/iMerica/dj-rest-auth supports social authentication, which is currently supported on the Django application, but not on the DRF one.
Besides that, I think the API should support another way of authentication besides tokens, JWT for example, since it's possible to have them expire for example.
The text was updated successfully, but these errors were encountered: