====== Django Backend Development ======

===== - DRF Authentication =====

  * DRF, allauth, djoser, simple-jwt: https://ruddra.com/django-jwt-auth-app-in-10-mins/
  * Usage: https://djoser.readthedocs.io/en/latest/sample_usage.html
  * https://hackernoon.com/110percent-complete-jwt-authentication-with-django-and-react-2020-iejq34ta

Register a new user:

<code>
curl -X POST http://192.168.39.162:3000/auth/users/ --data 'username=djoser&password=alpine12'
{"email": "", "username": "djoser", "id":1}
</code>

So far, so good. We have just created a new user using the REST API. Let’s access the user’s details:

<code>
curl -LX GET http://192.168.39.162:3000/auth/users/me/
{"detail": "Authentication credentials were not provided."}
</code>

As we can see, we cannot access the user profile without logging in. Pretty obvious. Let’s log in:

<code>
curl -X POST http://192.168.39.162:3000/auth/token/login/ --data 'username=djoser&password=alpine12'
{"auth_token": "b704c9fc3655635646356ac2950269f352ea1139"}
</code>

We have just obtained an authorization token that we may use later in order to retrieve specific resources. Let’s access the user’s details again:

<code>
curl -LX GET http://192.168.39.162:3000/auth/users/me/
{"detail": "Authentication credentials were not provided."}
</code>

Access is still forbidden, but let’s offer the token we obtained:

<code>
curl -LX GET http://192.168.39.162:3000/auth/users/me/ -H 'Authorization: Token b704c9fc3655635646356ac2950269f352ea1139'
{"email": "", "username": "djoser", "id": 1}
</code>

Yay, it works! Now let’s log out:

<code>
curl -X POST http://192.168.39.162:3000/auth/token/logout/ -H 'Authorization: Token b704c9fc3655635646356ac2950269f352ea1139'
</code>

And try to access the user profile again:

<code>
curl -LX GET http://192.168.39.162:3000/auth/users/me/ -H 'Authorization: Token b704c9fc3655635646356ac2950269f352ea1139'
{"detail": "Invalid token"}
</code>

As we can see, the user has been logged out successfully and the proper token has been removed.
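The token lifecycle behind the curl session above, as an added example (not code from this page, djoser or DRF): a simplified in-memory model of issuing a token at login, checking the ''Authorization: Token …'' header, and deleting the token at logout. ''TokenStore'', ''run_flow'', the dict-based storage, the status codes and the failed-login message are assumptions of this sketch.

```python
import binascii
import os

KEYWORD = "Token"  # scheme name sent in the Authorization header


class TokenStore:
    """In-memory stand-in for the server-side user and token tables (assumption)."""

    def __init__(self, users):
        self.users = dict(users)  # username -> password (plaintext only in this sketch)
        self.tokens = {}          # token key -> username

    def login(self, username, password):
        # Models POST /auth/token/login/: issue a random 40-hex-character key.
        if self.users.get(username) != password:
            return 400, {"detail": "login failed"}  # constructed message
        key = binascii.hexlify(os.urandom(20)).decode()
        self.tokens[key] = username
        return 200, {"auth_token": key}

    def authenticate(self, headers):
        # Models the check in front of GET /auth/users/me/.
        parts = headers.get("Authorization", "").split()
        if not parts or parts[0].lower() != KEYWORD.lower():
            return 401, {"detail": "Authentication credentials were not provided."}
        if len(parts) != 2 or parts[1] not in self.tokens:
            return 401, {"detail": "Invalid token"}
        return 200, {"username": self.tokens[parts[1]]}

    def logout(self, headers):
        # Models POST /auth/token/logout/: the key is deleted server-side.
        status, body = self.authenticate(headers)
        if status == 200:
            del self.tokens[headers["Authorization"].split()[1]]
            return 204, None
        return status, body


def run_flow():
    """Replay the curl session: anonymous, with token, logout, token reused."""
    store = TokenStore({"djoser": "alpine12"})
    anon = store.authenticate({})[0]
    token = store.login("djoser", "alpine12")[1]["auth_token"]
    auth = {"Authorization": f"{KEYWORD} {token}"}
    steps = [anon, store.authenticate(auth)[0], store.logout(auth)[0], store.authenticate(auth)[0]]
    return steps, token
```

The token is a bearer secret: until logout deletes it, anyone holding the string authenticates as that user, so it should only travel over TLS.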