I have prior experience in Django. Recently I got a project to build in REST architecture. I learned the basics of Django Rest Framework. But I find difficult with the authentication system.
I planned serve my frontend in anguarjs an host it on app.mydomain.com, and the DRF on api.mydomain.com. So all the end application (android, IOS) can pull the the data from api.mydomain.com Here I don't want to use session authentication system, it doesn't play nice with CORS. I am more interested on JSONWebToken than Token Based Authentication because its signed and allows refresh token option too. But, 1. How do I invalidate the existing tokens on password change? 2. How to destroy the token in a mobile lost scenario? Is there any better authentication solution? _______________________________________________ BangPypers mailing list BangPypers@python.org https://mail.python.org/mailman/listinfo/bangpypers
