Nowhere can I find information on how to implement a signature signature to access api. Django has a built-in django.core.signing class, but how to use it in, for example, an android application, how to create a signature for a request, so that it can be decoded and validated on the server? Thank !
1 answer
I would suggest using the Django REST + JWT http://getblimp.imtqy.com/django-rest-framework-jwt/ and on the Android side, respectively, send and extend the token via the Retrofit / OkHTTP3 Interceptor.
Serge Markov Serge Markov
2,093 four eight
- django has its own token-based authorization mechanism, just a matter of security. How to be if the attacker seized the token? It is necessary to check the signature, but how to create it has not yet found the answer. - Alexandr Vasilenko 1:27 pm
- As far as I understand the mechanism - on the server side we sign part of the form and sew up the keys and then on the server side we check it (have we changed part of the form), right? For Android, it does not make sense, since the key will somehow bite off, so the signature mechanisms are more complicated. - Serge Markov
|