Does django-rest-auth encrypt tokens in DB?

Tivix / django-rest-auth

This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)

www.tivix.com

MIT License

2.4k stars 662 forks source link

Does django-rest-auth encrypt tokens in DB? #546

Closed taylor-shift closed 5 years ago

taylor-shift commented 5 years ago

I do not see this mentioned anywhere in the docs...

Thank you!

rpkilby commented 5 years ago

The default token implementation is the one provided by DRF.

https://github.com/Tivix/django-rest-auth/blob/624ad01afbc86fa15b4e652406f3bdcd01f36e00/rest_auth/models.py#L3

If you look at those models, the token is neither hashed nor encrypted.