I am not very familiar with authentication, but I know that JWT is the best practice and market standard. Do I really need to implement JWT in Django? Can I not use Django's built-in cookie-based authentication? If not, what are the advantages of using JWT over Django's cookie-based authentication?
-
I would stick to Django's out-of-the-box session-based authentication to minimize possible attack vectors due to implementation mistakes on your end. In short, JWT is great for stateless applications and RESTful endpoints (which both can be leveraged via Django) - but, assuming you are just creating a normal website, it's likely best to stick to sessions (for no other reasons than to minimize potential attack vectors, as mentioned earlier). – felipe Mar 09 '21 at 16:36
-
I do want to add that if your goal is to create an authorization server you should look into OAuth2.0 and/or OpenID Connect - JWT is simply a token format, nothing more, nothing less. While JWT is not specified in their RFCs, it is usually used in conjunction with those protocols. – felipe Mar 09 '21 at 16:38
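The stateful/stateless distinction drawn in the comments above, as an added example that is not part of the original thread or of Django's code. It uses only the Python standard library; `SECRET`, `SESSIONS` and every function name are constructed for the illustration, with the first half standing in for what a server-side session store does and the second half for a hand-rolled HS256 JWT.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # constructed signing key for this demo
SESSIONS = {}                      # server-side session store (stateful)

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# --- Session cookie: opaque random id, all state lives on the server ---
def session_login(user: str) -> str:
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    return sid

def session_user(sid: str):
    entry = SESSIONS.get(sid)
    return entry["user"] if entry else None

def session_logout(sid: str) -> None:
    SESSIONS.pop(sid, None)        # revocation takes effect immediately

# --- JWT (HS256): self-contained claims, verified without any lookup ---
def jwt_issue(user: str, ttl: int = 300) -> str:
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps({"sub": user, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64(sig)}"

def jwt_user(token: str, now=None):
    """Return the subject if signature and expiry check out, else None."""
    try:
        header, body, sig = token.split(".")
        # Always verify with the server's own key and algorithm (HS256 here).
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64(sig)):
            return None
        claims = json.loads(unb64(body))
    except (ValueError, TypeError):
        return None                # malformed token, bad base64 or bad JSON
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None                # expiry is the only built-in "logout"
    return claims.get("sub")
```

There is no `jwt_logout`: with nothing stored server-side, an issued token stays valid until `exp` unless you add a denylist, which is the kind of extra implementation work the first comment warns about.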