Django REST API: How to authenticate against user AND account(subdomain)
New to Django-REST API and designing APIs in general. Right now I'm toying with setting up an API for my webapp, for use with iOS (React Native).
There are 4 basic classes handling users/accounts:
User: the basic Django User model
Account: name, subdomain, etc.
AccountMembership: user (fk), account (fk) and some custom information related to each account
DeletedUser: first_name, last_name, deleted_at (not much else really, to avoid doing soft-deletes on user data)
Note: This design is the result of people sometimes having memberships on multiple accounts, while preserving one user/login.
So at the moment each account has its own subdomain. Each user is then authenticated and logged in on a specific subdomain (if an active AccountMembership exists for that Account and User).
But how would I go about designing this API-wise???
Seems the token authentication method is basically authenticating against user and password? Or can I simply authenticate a User and then send the token+Account.ID with every request and then check for an AccountMembership between that token+account?
Or would I construct a token based on each Membership+Account?
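
The second option raised in the question, as an added example that is not part of the original post: the token identifies only the user, the account is resolved from the request's subdomain, and every request is checked for an active AccountMembership. It is framework-free Python; the tables, tokens and function names are constructed for illustration.

```python
# Added example: per-request membership check for a multi-account API.
# All names and sample data are constructed; the dicts stand in for DB tables.
from dataclasses import dataclass


@dataclass(frozen=True)
class AccountMembership:
    user_id: int
    account_id: int
    is_active: bool


TOKENS = {"tok-alice": 1, "tok-bob": 2}      # token -> user id
ACCOUNTS = {"acme": 10, "globex": 20}        # subdomain -> account id
MEMBERSHIPS = [
    AccountMembership(1, 10, True),
    AccountMembership(1, 20, True),          # one login, two accounts
    AccountMembership(2, 10, False),         # deactivated membership
]
RECORDS = [
    {"account_id": 10, "name": "acme invoice"},
    {"account_id": 20, "name": "globex invoice"},
]


def authorize(token, subdomain):
    """Return (status, membership). The token proves who the user is;
    the requested account is only honoured if an active membership exists."""
    user_id = TOKENS.get(token)
    if user_id is None:
        return 401, None                     # not authenticated
    account_id = ACCOUNTS.get(subdomain)     # None for an unknown subdomain
    for m in MEMBERSHIPS:
        if (m.user_id, m.account_id) == (user_id, account_id) and m.is_active:
            return 200, m
    # Unknown account and missing/inactive membership get the same answer,
    # so a caller cannot probe which subdomains exist.
    return 403, None


def list_records(token, subdomain):
    """Scope the query by the account taken from the verified membership,
    never by an account id copied straight from the request."""
    status, membership = authorize(token, subdomain)
    if status != 200:
        return status, []
    return 200, [r["name"] for r in RECORDS
                 if r["account_id"] == membership.account_id]
```
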