WEBVTT

00:01.150 --> 00:01.870
Okay.

00:01.870 --> 00:09.220
In this video we will be talking about token and I will show you how we can generate a token, how we

00:09.220 --> 00:10.660
can use a token.

00:10.660 --> 00:19.630
And later in the tutorial I will show you how we can use Token to authenticate some of our API.

00:20.050 --> 00:22.210
So basically, what is a token?

00:22.240 --> 00:32.290
A token is a random string of characters that will be auto generated by our Django, and this secret

00:32.410 --> 00:36.640
string of characters will be used to authenticate the users.

00:36.640 --> 00:43.750
So basically what we can do is we can tell part of our API or the whole API, we can block it unless

00:43.750 --> 00:47.410
we will, the user will provide a token.

00:47.530 --> 00:55.840
So what we want to do is give an option to the user that he will log in with a username and password

00:55.840 --> 01:00.820
and for the correct credentials we will return a token.

01:00.820 --> 01:04.390
And with that token, you will need to send it every time

01:04.390 --> 01:10.180
he wants to have a piece of data from our application, you will need to send it along. If the token

01:10.180 --> 01:16.030
is wrong or expired or there is no token, we are not going to return anything.

01:16.030 --> 01:18.610
So how can we actually do this?

01:18.610 --> 01:22.090
This is built-in Django REST framework functionality.

01:22.090 --> 01:28.150
So what we need to do is we need to go to our application, which is first and then go to settings.

01:28.480 --> 01:30.790
And here we have rest_framework.

01:30.790 --> 01:44.020
So we need to also add rest_framework and then .authtoken, like that. I will put a comma at the end.

01:44.650 --> 01:48.880
So we need to add another application to INSTALLED_APPS.

01:48.970 --> 01:56.890
I will save it here and what we need to do once we add something in the apps, you can see a message.

01:56.890 --> 01:59.470
Even here, you have two unapplied migrations.

01:59.470 --> 02:06.620
So what we need to do is we go python3 manage.py and then migrate.

02:06.860 --> 02:16.010
So that will apply two migrations from authentication token and apps and that's available for us to use

02:16.010 --> 02:16.400
now.

02:16.400 --> 02:22.640
So our server is running, we'll click on this and then I will go to admin.

02:24.760 --> 02:26.350
We are inside our admin.

02:26.350 --> 02:31.570
I'll log in with my credentials, the same as I've done before.

02:31.570 --> 02:37.750
And here we have another option, another section which is authentication token.

02:37.750 --> 02:39.520
And here we have tokens.

02:39.520 --> 02:41.800
So we click here, no tokens there.

02:41.800 --> 02:50.890
Before we will add a token, I will show you that on the home we have inside users, we have one user.

02:50.920 --> 02:53.650
This user has been created before

02:53.650 --> 02:55.960
we had that authentication token

02:56.720 --> 02:57.680
enabled.

02:57.680 --> 03:01.100
So there is no token associated with this user.

03:01.100 --> 03:02.290
So let's fix that.

03:02.300 --> 03:08.420
I will go to home and then to token I can click add here or from the tokens, I will add it from here

03:08.420 --> 03:12.530
and then I can pick for what user I would like to generate.

03:12.530 --> 03:14.600
I will generate one for Christian.

03:14.900 --> 03:20.030
If you have that enabled, the token will be generated automatically for new users.

03:20.030 --> 03:26.690
But as I said, Christian has been created before we had that authentication token enabled.

03:26.690 --> 03:28.760
So it's not available here.

03:28.760 --> 03:30.530
I will just save.

03:33.290 --> 03:39.440
And I can see this string here; that's a secret token for that specific user.

03:39.440 --> 03:45.950
So every time you generate a new token or a new user, this random string of characters will

03:45.950 --> 03:47.930
be generated automatically for you.

03:48.050 --> 03:49.910
So this is done already.

03:49.910 --> 03:52.850
So we have our token generated for our user.

03:52.850 --> 03:55.480
So what can we actually do about it?

03:55.490 --> 04:04.460
At the moment we can't do anything about it, so let's enable that option to get that token when the

04:04.460 --> 04:06.970
user will provide his credentials.

04:06.980 --> 04:13.130
So what we can do, go back to our application and we'll go back to URLs.

04:13.220 --> 04:18.350
So here we'll create another URL for authenticating

04:18.350 --> 04:24.980
the user. This time, maybe I don't want to do it in the demo; I can do it in this URL or I can do it in

04:24.980 --> 04:31.160
the URL for my application for my project.

04:31.160 --> 04:34.110
So on top of that I can do path.

04:35.960 --> 04:38.000
And then I will do.

04:38.030 --> 04:44.060
But I can name it whatever I like, but I will do auth so it's short and nice, and then whatever you

04:44.060 --> 04:46.280
will do your.

04:47.320 --> 04:49.320
URL slash auth.

04:49.350 --> 04:52.680
Then we'll trigger the view for authentication.

04:52.680 --> 04:54.180
We need to import it first.

04:54.330 --> 04:55.560
So from

04:58.200 --> 04:59.670
rest_framework

05:00.840 --> 05:01.800
.authtoken

05:04.460 --> 05:05.840
.views import

05:06.870 --> 05:11.520
obtain_auth_token, and this obtain_auth_token,

05:11.520 --> 05:14.480
I can use it here in URLs.

05:14.490 --> 05:22.620
So basically what I am doing is I have that view available from that library authentication token and

05:22.620 --> 05:26.780
then I apply it to a URL, auth.

05:26.790 --> 05:28.470
So I'll save it now.

05:29.800 --> 05:31.110
And will run the server.

05:32.840 --> 05:34.580
And we'll open Postman.

05:45.860 --> 05:47.150
And that's our postman.

05:47.150 --> 05:56.480
So we can go to our authentication, that's our URL we have created and then I can do send.

05:59.170 --> 06:02.860
So first thing, method GET is not allowed.

06:02.890 --> 06:10.120
Why is this happening? Because the authentication requires my credentials, which is username and password,

06:10.120 --> 06:12.370
and method GET returns something.

06:12.370 --> 06:17.380
So if you want to send something to our server then we need to use a POST.

06:17.410 --> 06:21.460
So I will switch to POST and let's try the same method again.

06:23.160 --> 06:29.010
It still doesn't return anything to us because we need to provide a username and password so we can

06:29.010 --> 06:29.790
do that.

06:29.880 --> 06:31.050
Going to body.

06:32.290 --> 06:39.610
And then what I can do is I can do username here and then password here.

06:39.610 --> 06:40.990
So username.

06:40.990 --> 06:47.260
As you remember we've created super user with user.

06:49.360 --> 06:52.210
Christian and password

06:52.810 --> 06:53.530
Christian.

06:53.530 --> 06:54.920
So username and password.

06:54.940 --> 06:59.380
This time when I use the POST, I will send username and password.

06:59.920 --> 07:00.970
I will send it now.

07:01.270 --> 07:10.210
And you can see here in return, I got this string of characters and you can see B5 five eight.

07:11.010 --> 07:14.100
Is the same B5 eight as you have it here.

07:14.100 --> 07:15.780
So this token

07:17.670 --> 07:25.290
is returned from our auth URL when I provide username, password.

07:25.290 --> 07:29.660
So basically that's our login functionality built in.

07:29.670 --> 07:34.050
So we provide username and password, send it to Django.

07:34.050 --> 07:36.810
Django authenticates that user and checks it.

07:36.810 --> 07:37.170
Okay.

07:37.170 --> 07:43.350
We have a user with username Christian and password Christian, and then in return it will give me

07:43.350 --> 07:44.280
that token.

07:44.280 --> 07:49.020
So that token at the moment is useless because we don't use it anywhere.

07:49.020 --> 07:56.160
And in the next video I will show you how we can actually protect our API, our resources on our

07:56.160 --> 08:02.490
database, and only allow users with that token to see our database records.
