I am using token-based authentication (via dj-rest-auth 1.1.2) on my Django REST-Framework (DRF v. 3.12.1) project. After an initial view-based login, the server issues a token that the client has to include in the HTTP Authentication header with each request.
What I would like to do is to associate the token authentication with a server-side session, similar to what the Django Session Framework provides. That is, I would like to create a cacheable session object that stores information like user roles, which otherwise would need to be retrieved from the DB with each request.
It seems that there is no ready-made solution for this problem, is there? To my understanding, the Django Session Framework only works with session cookies but not with other tokens. On the other hand, token-based authentication does not create a server-side session, it seems.
My questions:
- Is this correct, or am I simply missing some configuration or misreading the documentation?
- If yes, is there something inherently flawed with my intended approach (which would explain why I cannot find a library that already does it)?
- Again if yes, what would be the canonical solution to handle complex user roles on each request? Just store them in the DB and let proper caching take care of it?
Thanks for your help!
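
An added example, not part of the original question and not dj-rest-auth or DRF code: a framework-agnostic version of the token-keyed session cache described above. `TokenSessionStore`, `load_roles` and the in-memory dict are hypothetical stand-ins; in a Django project the dict would be a shared cache, and `get` would be called only after the token has already been authenticated.

```python
import hashlib
import time


class TokenSessionStore:
    """Server-side session data keyed by an auth token (hypothetical helper)."""

    def __init__(self, load_roles, ttl=300, clock=time.monotonic):
        self._load_roles = load_roles  # stand-in for the per-request DB query
        self._ttl = ttl                # seconds before roles are re-read
        self._clock = clock
        self._entries = {}             # stand-in for a shared cache backend

    @staticmethod
    def _key(token):
        # Key on a digest so the cache never holds usable bearer tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def get(self, token, user_id):
        # Assumes the caller has already validated the token for user_id.
        key = self._key(token)
        now = self._clock()
        entry = self._entries.get(key)
        if entry and entry[0] > now and entry[1]["user_id"] == user_id:
            return entry[1]
        session = {"user_id": user_id, "roles": frozenset(self._load_roles(user_id))}
        self._entries[key] = (now + self._ttl, session)
        return session

    def invalidate_token(self, token):
        # Call on logout or token deletion so the session dies with the token.
        self._entries.pop(self._key(token), None)

    def invalidate_user(self, user_id):
        # Call when roles change so stale privileges are never served.
        for k in [k for k, (_, s) in self._entries.items() if s["user_id"] == user_id]:
            del self._entries[k]


if __name__ == "__main__":
    roles_db = {7: ["editor", "billing"]}  # constructed sample data
    store = TokenSessionStore(lambda uid: roles_db[uid], ttl=60)
    print(store.get("constructed-token", 7)["roles"])
```

The two invalidation hooks are the security-relevant part: without them a revoked token or a downgraded role stays effective until the TTL expires.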