I didn't find any tutorial in this much detail and easiest to understand. Some people may be skipping because of long tutorial but you are losing the opportunity to learn in this detail level. Thank you Geeky Shows.
Sir, I am unable to figure out that in which type of situation we should use Basic Authentication, Session Authentication, and token authentication? can you do help with this? By The Way, you are Teaching us Amazingly (Thank you so much)
Basic Authentication, Session Authentication, and Token Authentication are different methods used for authenticating users in web applications. The choice of which method to use depends on the specific requirements and constraints of your application. 1. Basic Authentication: Basic Authentication involves sending the username and password with each request, encoded in Base64. It is typically used over HTTPS. Basic Authentication is simple to implement but has some limitations. It is commonly used in situations where security requirements are relatively low, such as internal APIs or legacy systems. However, it is generally not recommended for use in modern web applications due to its vulnerabilities, such as the lack of statelessness and susceptibility to interception. 2. Session Authentication: Session Authentication involves creating a server-side session for each user upon successful login. The server generates a unique session ID, which is then stored in a session store (usually a database or cache). The session ID is sent to the client and included in subsequent requests as a cookie or in the request headers. Session Authentication is commonly used in traditional web applications where server-side state is maintained. It provides better security than Basic Authentication but requires the server to manage session state and is not suitable for stateless architectures or distributed systems. 3. Token Authentication: Token Authentication involves issuing a token (usually a JSON Web Token or JWT) upon successful authentication. The token is sent to the client and included in subsequent requests as a header or in the request payload. The server validates the token and extracts the user identity from it. Token Authentication is widely used in modern web applications and APIs. It is suitable for stateless architectures, microservices, and distributed systems. Tokens can have an expiration time and can be easily revoked, making it more secure and scalable compared to session-based authentication. In summary, Basic Authentication is best suited for simple or internal systems with low security requirements. Session Authentication is suitable for traditional web applications with server-side session management. Token Authentication is preferred for modern web applications, APIs, and distributed systems that require statelessness, scalability, and enhanced security.
Multiple Django apps(sub domain like agar hm google par resister karte h toh hme youtube, gmail.... par signup ni karna padta), shared authentication sir ese kese kar sakte h if possible toh kya aap is par tutorial create kar sakte h django-rest-framework se structure kesa hona chahiye thoda explore kar sakte kya aap
can you make a video where custom model are used for authentication ? Here you're using the inbuilt user but if I want to authenticate suppose Student model with email and password I am not able to do so . I tried using extending AbstractBaseUser and also tried by generating token in jwt but only the superuser is authenticated . Can you please help me ? Give some blog or article to follow or if you could make a video in it would be really helpful. Thanks for making quality content.
I have uploaded many auth videos where i have implemented custom user model watch this ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-jh89xLUsD4U.html
Your videos are great. But this authentication tokens are for super users. What if the students I am creating has portal to log in and after logging in they need token to access various functionalities of that portal. How would I generate tokens for students at login ?
Consider everyone as user A student is user and Admin is also an User. Now you have to identify, If user is not admin then redirect to student dashboard if user is admin then redirect to admin dashboard. You can write custom user model if needed and utilize is_staff or is_admin or is_superser field to identify.
agar front end pe use karna ho to token store karna hoga na. to safe way konsa hai token store karne ka.. web storage api or normal cookie or httponly cookie????
sir ye error aa rahi h jra batao iske bare m http: error: ConnectionError: HTTPConnectionPool(host='127.0.0.1', port=8000): Max retries exceeded with url: /studentapi/ (Caused by NewConnectionError(': Failed to establish a new connection: [WinError 10061] No connection could be made because the target machine actively refused it')) while doing a GET request to URL: 127.0.0.1:8000/studentapi/
getting the following error even after re-installing httpie: http : The term 'http' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
A simple request is that don't go in too deep of every concept, for example we have watched early videos of CRUD that seems meaningless now . only emphasize those topics which are important in production or development.Its not a suggestion but request.
Those are not useless when you will work in a company you will develop API with Custom feature. ModelViewSet CRUD doesn't allow you to much customization. This is only to make simple CRUD operation which you will use rarely in Company. I am using this in these examples for simplicity as my focus in Auth and Perm. Have anyone tried to implement Authentication and Permission with those concepts e.g. Class Based API ? I don't think anyone tried, this is where people are lacking. Trust me when you will work in MNC you wont find all solutions in google that time these deep concepts will help you to solve those problems.
@@geekyshows Thanks for the guidance sir . I hope all others could understand your awesome mentality . but majority on youtube came for the simplicity and shortcuts . that's why you may see video titles like ''become full stack web developer in just three months'' learn django in just one video etc.Indeed you worked hard to reach at this point , doing honest job and not by playing with the mentality of people.
@@mohammadali6828 Those "one video in something or learn something in one hour" Videos are good for revision but not for learning. This is my personal opinion. I should make one video on this topic hmmm At least i should share my thoughts.
@@geekyshows, yes we need to remove this trend of becoming full stack developer in 5 or 10hrs videos. It has distracted the mind of beginner programmers.
