Closed steverecio closed 4 months ago
steverecio
commented
4 years ago Ok I was able to get the token with the following code (discovered by looking through the unit tests):
instance, token = AuthToken.objects.create(user=user)
And then pass the header Authorization: Token {{ token }}.
Is there a way to get this token from the model object so that I can use a non-expiring token for my client facing API keys?
jonathan-golorry
commented
3 years ago Is there a way to get this token from the model object
No. Only a prefix and hash (and previously salt) are stored in the db. The whole point is that an attacker will be unable to calculate the token even if they get a copy of the DB.
so that I can use a non-expiring token for my client facing API keys?
You can configure knox for non-expiring tokens.
REST_KNOX = {
"TOKEN_TTL": None,
}
Maybe I'm missing this somewhere in the docs but where do I get the string to pass into the authorization header? I presume its not the digest, token_key, or salt given that those fields are all stored in plaintext in the database but the model doesn't seem to have any helper method to get the actual auth token...