1
votes

I want some advice on choosing right package in a REST Api django project


For authentication:Which one of below I should choose ?

django-oauth-toolkit: seems to be the most robust and recommended oauth library for DRF. This do not have account management. How can i implement account management with this package? If yes, can I get some guide.

django-rest-auth: API endpoints for authentication, and basic account management for DRF. But seems not as robust as django-oauth as django-oauth allows token expiery etc. or i am missing some feature of rest-auth


For authorisation: I will be going for django-guardian over django-role-permission. Later seems more like back end utility to control user roles.


My deep desire is to use oauth-toolkit but it does not have basic user management. On the contrary rest-auth has user management but lacks (seems to be) roubustness of oauth.

Please help me make a choice.

2
Yes as you said, oauth is the robust package you can use it for securing all you api's via token based authentication. Also What do you mean by basic user management ? - Sukhpreet Singh
By basic user management I mean rest-auth has many api end points like user registration, pasaword change, confirmation on password chane.. Django-Outh Toolkit do not have those. So what to do? I need to write my own code for such functionality if I choose Django-autho.? - cyberspider789
It sounds like you already know the pros and cons of each package, so why look up to others to make the choice for you? I doubt that is in line with the purpose of this site - Ken4scholars
Dear ken4scholars, kindly go through my dilemma once again. Can you tell me how to implement user management in django-outh just like django-rest-auth? If no, then fine, if yes, any help is much much appreciated. - cyberspider789

2 Answers

1
votes

I came to understand that DRF supports builtin support for OAuth2 and provides token utilising 'provider.oauth2'dependency hence django-oauth-toolkit could be avoided just in case.

'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.OAuth2Authentication', ),

Thanks every one for your interest.

0
votes

Django rest auth amounts to a small set of API views around django-allauth which is (according to github usage stats) much more used than oauth-toolkit.

allauth is pretty great and has a long list of available providers. Adding a new one is very easy and can nearly be completed 100% through the admin interface.

rest_auth essentially wraps django allauth to make it available via API. Where rest_auth falls short, it is fairly easy to implement what you need to work directly with allauth. If you need jwt support with rest_auth they recommend another 3rd party library.

The biggest problem with rest_auth we've run into is that the documentation is just OK and there are many open issues in the repo that should be closed with more clear resolution, there is a lot of misinformation in the issues.

Looking forward to resolving some of that confusion by inquiring as to the State of rest_auth

As far as your need for user management goes, django user management is robust as is.