Update docs for tokenauth

36cd91bb · Mjumbe Wawatu Poe · 7f987419 · 36cd91bb
Commit 36cd91bb authored Sep 07, 2012 by Mjumbe Wawatu Poe
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 5 deletions

docs/api-guide/authentication.md
+9 -5

No files found.
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -65,16 +65,20 @@ If successfully authenticated, `UserBasicAuthentication` provides the following 
 * `request.user` will be a `django.contrib.auth.models.User` instance.
 * `request.auth` will be `None`.

-## TokenBasicAuthentication
+## TokenAuthentication

-This policy uses [HTTP Basic Authentication][basicauth], signed against a token key and secret.  Token basic authentication is appropriate for client-server setups, such as native desktop and mobile clients.
+This policy uses [HTTP Authentication][basicauth] with a custom authentication scheme called "Token".  Token basic authentication is appropriate for client-server setups, such as native desktop and mobile clients.  The token key should be passed in as a string to the "Authorization" HTTP header.  For example:

-**Note:** If you run `TokenBasicAuthentication` in production your API must be `https` only, or it will be completely insecure.
+    curl http://my.api.org/ -X POST -H "Authorization: Token 0123456789abcdef0123456789abcdef"

-If successfully authenticated, `TokenBasicAuthentication` provides the following credentials.
+**Note:** If you run `TokenAuthentication` in production your API must be `https` only, or it will be completely insecure.
+
+If successfully authenticated, `TokenAuthentication` provides the following credentials.

 * `request.user` will be a `django.contrib.auth.models.User` instance.
-* `request.auth` will be a `djangorestframework.models.BasicToken` instance.
+* `request.auth` will be a `djangorestframework.tokenauth.models.Token` instance.
+
+To use the `TokenAuthentication` scheme, you must have a token model.  Django REST Framework comes with a minimal default token model.  To use it, include `djangorestframework.tokenauth` in your installed applications.  To use your own token model, subclass the `djangorestframework.tokenauth.authentication.TokenAuthentication` class and specify a `model` attribute that references your custom token model.  The token model must provide `user`, `key`, and `revoked` attributes.  For convenience, the `djangorestframework.tokenauth.models.BaseToken` abstract model implements this minimum contract, and also randomly populates the key field when none is provided.

 ## OAuthAuthentication