WEBVTT
Kind: captions
Language: en

00:00:00.030 --> 00:00:07.370
Next let's test our authentication token
using the ModHeader Chrome extension

00:00:07.370 --> 00:00:13.860
now you can see from our previous video
that we were given this token string

00:00:13.860 --> 00:00:19.980
when we logged in with our user's
username and password now the way that

00:00:19.980 --> 00:00:25.920
the token authentication works is every
single request that's made to the API

00:00:25.920 --> 00:00:34.950
has an HTTP header what we do is we
add the token to the authorization

00:00:34.950 --> 00:00:40.410
header for the requests that we wish to
authenticate so when you make a request

00:00:40.410 --> 00:00:47.280
like an HTTP GET HTTP PUT PATCH or POST
with that request you can provide a

00:00:47.280 --> 00:00:53.039
header and in our header we're going to
add a key called authorization and then

00:00:53.039 --> 00:00:57.719
we're going to pass in this token with
the request and then when Django REST

00:00:57.719 --> 00:01:03.000
framework receives that request it can
check whether this token exists in the

00:01:03.000 --> 00:01:08.640
database and retrieve the
appropriate user for this token so we're

00:01:08.640 --> 00:01:14.159
going to use the ModHeader Chrome
extension to set our header and check

00:01:14.159 --> 00:01:19.409
that we can manage our profile when
we're authenticated with it so if you

00:01:19.409 --> 00:01:22.560
didn't already install the ModHeader
Chrome extension then go ahead and make

00:01:22.560 --> 00:01:25.799
sure you have that installed as you're
going to need it in order to test the

00:01:25.799 --> 00:01:28.280
API in this video

00:01:28.280 --> 00:01:32.759
so let's copy the string that we were given from our token

00:01:32.759 --> 00:01:36.450
so we're going to copy that to the
clipboard and then we're going to open up

00:01:36.450 --> 00:01:40.979
the ModHeader Chrome extension and
we're going to type in the request headers

00:01:40.979 --> 00:01:45.869
name we're going to type authorization and
you can see that it gives it a drop-down

00:01:45.869 --> 00:01:51.540
here and then the way you pass in the
token is you write Token with a capital

00:01:51.540 --> 00:01:57.360
T and then space and then you paste the
token so the Django REST framework knows

00:01:57.360 --> 00:02:02.399
to remove this token part from the
prefix here and then just take this as

00:02:02.399 --> 00:02:07.469
the token so this is the standard
convention for providing a token in the

00:02:07.469 --> 00:02:13.170
authorization header for the Django REST
framework okay so that's all you need to

00:02:13.170 --> 00:02:15.540
do to authenticate the requests now let's go

00:02:15.540 --> 00:02:19.710
ahead and test it make sure you have
this box checked here and then head over

00:02:19.710 --> 00:02:28.440
to API slash profile and you can see
that we returned the list of profiles

00:02:28.440 --> 00:02:36.870
now we authenticated as the mark@londonappdev.com profile so take the

00:02:36.870 --> 00:02:41.970
ID for whichever profile you
authenticated with and put that ID in

00:02:41.970 --> 00:02:47.940
the URL here so I'm going to test with
ID one so I'm going to put profile

00:02:47.940 --> 00:02:54.390
forward slash one and hit enter you can
see that now we can modify this profile

00:02:54.390 --> 00:02:58.860
because we've authenticated
as that user so we can go ahead and

00:02:58.860 --> 00:03:03.720
change the name let's change the name to
my full name here and then let's change

00:03:03.720 --> 00:03:08.940
the password I'm going to change it to
password one two three just the same

00:03:08.940 --> 00:03:15.330
password that it is now hit put and you
can see that it returned the updated

00:03:15.330 --> 00:03:21.510
object with a new name so if we go back
to the profiles list by removing the ID

00:03:21.510 --> 00:03:26.790
you can see that the name has been
updated here okay so what happens if we

00:03:26.790 --> 00:03:31.019
go to another profile that we're not
authenticated with let's go to profile

00:03:31.019 --> 00:03:36.150
two you can see that we're unable to
modify this profile because we haven't

00:03:36.150 --> 00:03:43.320
authenticated with the correct user so
let's go back to profile one and then if

00:03:43.320 --> 00:03:47.519
you wanted to disable the authentication
while you're browsing the API then you

00:03:47.519 --> 00:03:52.140
can simply open up the ModHeader Chrome
extension and uncheck this box here and

00:03:52.140 --> 00:03:58.830
then this header will no longer be sent
with the HTTP requests so when we

00:03:58.830 --> 00:04:02.970
uncheck it and then we refresh the page
you can see that the option to modify

00:04:02.970 --> 00:04:08.220
this profile disappeared because we're
no longer authenticated okay so a couple

00:04:08.220 --> 00:04:12.239
of things to note about the ModHeader
Chrome extension if you're browsing

00:04:12.239 --> 00:04:17.579
other websites when you have the
authorization token enabled then it may

00:04:17.579 --> 00:04:22.620
conflict with those websites so just
make sure that you disable the authorization

00:04:22.620 --> 00:04:27.060
token whenever you're not testing the
API as it can often

00:04:27.060 --> 00:04:31.590
create some unexpected side effects on
websites like Google and Google Drive

00:04:31.590 --> 00:04:33.580
and things like that

00:04:33.580 --> 00:04:37.440
okay another thing
to note is that this isn't how you would

00:04:37.440 --> 00:04:42.930
use this token in real life when you
actually use the API you would pass the

00:04:42.930 --> 00:04:48.950
token into whichever client library
you're using so if you're using

00:04:48.950 --> 00:04:53.490
JavaScript then you may use a library
like the fetch library if we're using

00:04:53.490 --> 00:04:58.440
Python then you may use a library like the requests library and these HTTP libraries

00:04:58.440 --> 00:05:04.440
all allow you to add custom header
tokens to your requests we're just using

00:05:04.440 --> 00:05:09.919
this ModHeader Chrome extension in
order to test our API in the browser

00:05:09.919 --> 00:05:14.460
okay so it appears that our API
authentication is working correctly

00:05:14.460 --> 00:05:19.320
let's go over to the terminal and let's
commit our changes to Git and then push

00:05:19.320 --> 00:05:23.100
it up to GitHub so head over to the
terminal Git Bash window and then type

00:05:23.100 --> 00:05:32.190
git add dot git commit -am we'll type
the message added log in API and then

00:05:32.190 --> 00:05:38.660
we'll do git push origin to push these
changes to GitHub

