3
votes

I am using JWT token authentication with Django REST:

$ curl -X POST -d "username=admin&password=abc123" http://localhost:8000/api-token-auth/

and then

$ curl -H "Authorization: JWT <your_token>" http://localhost:8000/protected-url/

My point is: if someone has to enter the username/password in curl to get a token, and then use that token to get the URL, that is 2 steps. Then why not use the username/password with basic authentication, as that would be one request only?

What advantage will the token give us? We have to type the username/password anyway in token auth as well.


1 Answer

1
votes

You are right, if that were the normal workflow there would not be much advantage. Except that token auth has slightly better performance, because you don't have to hash the password.

But normally the token is stored on the client side. Imagine a mobile app. There you log in once to obtain and store the token. Now you can do authenticated API requests without username/password.
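
An added example (not part of the answer above) sketching the two steps from the question with only the Python standard library: the password is checked once at login, and each later request is authorized by verifying a signed, expiring token. The signing key, salt, iteration count and user store are constructed for the demo, and the function names are hypothetical; a real Django REST deployment would use its JWT library rather than this hand-rolled HS256 code.

```python
import base64, hashlib, hmac, json, os, time

SECRET = os.urandom(32)            # server-side signing key (constructed for this demo)
SALT = os.urandom(16)              # constructed salt
ITERATIONS = 100_000               # assumed work factor for the demo
# Constructed user store: username -> PBKDF2 hash of the password from the question.
USERS = {"admin": hashlib.pbkdf2_hmac("sha256", b"abc123", SALT, ITERATIONS)}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_password(username: str, password: str) -> bool:
    """What Basic auth must do on every request: one slow password hash."""
    stored = USERS.get(username)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)
    return stored is not None and hmac.compare_digest(stored, candidate)

def issue_token(username, password, ttl=300, now=None):
    """Login step: verify the password once, return a signed HS256 JWT or None."""
    if not check_password(username, password):
        return None
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": username, "exp": int(now + ttl)}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_token(token, now=None):
    """Per-request step: one HMAC and an expiry check, no password involved."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None                      # forged or tampered token
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None                      # only the algorithm we issue is accepted
        claims = json.loads(_unb64(payload))
    except (ValueError, AttributeError):
        return None                          # malformed token
    now = time.time() if now is None else now
    return claims["sub"] if claims.get("exp", 0) > now else None
```

The stored token stands in for the password only until `exp`, so a client that leaks it exposes a short-lived credential rather than the password itself.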