<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="description" content="None" />
<link rel="shortcut icon" href="img/favicon.ico" />
<title>Django-Rest-Knox</title>
<link rel="stylesheet" href="css/theme.css" />
<link rel="stylesheet" href="css/theme_extra.css" />
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/styles/github.min.css" />
<script>
// Current page data
var mkdocs_page_name = "Home";
var mkdocs_page_input_path = "index.md";
var mkdocs_page_url = null;
</script>
<!--[if lt IE 9]>
<script src="js/html5shiv.min.js"></script>
<![endif]-->
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/highlight.min.js"></script>
<script>hljs.highlightAll();</script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<div class="wy-side-scroll">
<div class="wy-side-nav-search">
<a href="." class="icon icon-home"> Django-Rest-Knox
</a><div role="search">
<form id ="rtd-search-form" class="wy-form" action="./search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" title="Type search term here" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<ul class="current">
<li class="toctree-l1 current"><a class="reference internal current" href="#">Home</a>
<ul class="current">
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="installation/">Installation</a>
</li>
</ul>
<p class="caption"><span class="caption-text">API Guide</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="views/">Views</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="urls/">URLs</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="auth/">Authentication</a>
</li>
<li class="toctree-l1"><a class="reference internal" href="settings/">Settings</a>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="changelog/">Changelog</a>
</li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="Mobile navigation menu">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href=".">Django-Rest-Knox</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content"><div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="." class="icon icon-home" aria-label="Docs"></a></li>
<li class="breadcrumb-item active">Home</li>
<li class="wy-breadcrumbs-aside">
<a href="https://github.com/jazzband/django-rest-knox/edit/master/docs/index.md" class="icon icon-github"> Edit on GitHub</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div class="section" itemprop="articleBody">
<h1 id="django-rest-knox">Django-Rest-Knox</h1>
<p>Knox provides easy-to-use authentication for <a href="https://www.django-rest-framework.org/">Django REST Framework</a>.
Its aim is to support common patterns in REST-based applications with little
extra effort, and to ensure that connections remain secure.</p>
<p>Knox authentication is token based, similar to the <code>TokenAuthentication</code> built
into DRF. However, it overcomes some problems present in the default implementation:</p>
<ul>
<li>
<p>DRF tokens are limited to one per user. This does not facilitate securely
signing in from multiple devices, as the token is shared. It also requires
<em>all</em> devices to be logged out if a server-side logout is required (i.e. the
token is deleted).</p>
<p>Knox provides one token per call to the login view, allowing
each client to have its own token, which is deleted on the server side when the client
logs out. Knox also provides an optional setting to limit the number of tokens generated
per user.</p>
<p>Knox also provides an option for a logged-in client to remove <em>all</em> tokens
that the server has, forcing all clients to re-authenticate.</p>
</li>
<li>
<p>DRF tokens are stored unencrypted in the database. This would allow an attacker
unrestricted access to an account with a token if the database were compromised.</p>
<p>Knox tokens are only stored in an encrypted form. Even if the database were
somehow stolen, an attacker would not be able to log in with the stolen
credentials.</p>
</li>
<li>
<p>DRF tokens track their creation time, but have no built-in mechanism for token
expiry. Knox tokens can have an expiry configured in the app settings (the default is
10 hours).</p>
</li>
</ul>
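<p>The three properties listed above (one token per login, no usable token kept in the database, and expiry), modelled as an added example that is not Knox's own code. The <code>TokenStore</code> class and its method names are hypothetical, and keeping a SHA-256 digest as the protected stored form is an assumption of this sketch.</p>

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(hours=10)  # default expiry stated on this page


class TokenStore:
    """Hypothetical in-memory model: one row per login, digest only."""

    def __init__(self, limit_per_user=None):
        self.limit_per_user = limit_per_user  # optional per-user cap
        self.rows = {}  # stored digest -> (user, expiry)

    @staticmethod
    def _digest(token):
        # Assumption of this sketch: a one-way SHA-256 digest is what is kept.
        return hashlib.sha256(token.encode()).hexdigest()

    def _purge(self, now):
        # Drop every row whose expiry has been reached.
        self.rows = {d: r for d, r in self.rows.items() if r[1] > now}

    def login(self, user, now):
        """Issue a fresh token for this client; the plaintext is returned once."""
        self._purge(now)
        active = sum(1 for u, _ in self.rows.values() if u == user)
        if self.limit_per_user is not None and active >= self.limit_per_user:
            raise PermissionError("token limit reached for user")
        token = secrets.token_hex(32)
        self.rows[self._digest(token)] = (user, now + TOKEN_TTL)
        return token

    def authenticate(self, token, now):
        """Return the user for a live token, or None if unknown or expired."""
        self._purge(now)
        row = self.rows.get(self._digest(token))
        return row[0] if row else None

    def logout(self, token):
        # Removes only the calling client's token.
        self.rows.pop(self._digest(token), None)

    def logout_all(self, user):
        # Removes every token of the user, forcing all clients to log in again.
        self.rows = {d: r for d, r in self.rows.items() if r[0] != user}
```

<p>Presenting a stored digest as a token fails in this model because <code>authenticate</code> hashes its input again, which is the database-theft case described above.</p>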
</div>
</div><footer>
<div class="rst-footer-buttons" role="navigation" aria-label="Footer Navigation">
<a href="installation/" class="btn btn-neutral float-right" title="Installation">Next <span class="icon icon-circle-arrow-right"></span></a>
</div>
<hr/>
<div role="contentinfo">
<!-- Copyright etc -->
</div>
Built with <a href="https://www.mkdocs.org/">MkDocs</a> using a <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" role="note" aria-label="Versions">
<span class="rst-current-version" data-toggle="rst-current-version">
<span>
<a href="https://github.com/jazzband/django-rest-knox" class="fa fa-github" style="color: #fcfcfc"> GitHub</a>
</span>
<span><a href="installation/" style="color: #fcfcfc">Next »</a></span>
</span>
</div>
<script src="js/jquery-3.6.0.min.js"></script>
<script>var base_url = ".";</script>
<script src="js/theme_extra.js"></script>
<script src="js/theme.js"></script>
<script src="search/main.js"></script>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
<!--
MkDocs version : 1.6.1
Build Date UTC : 2024-10-23 12:53:19.816241+00:00
-->