Using django-oauth-toolkit with Django 2.x

Question

I've built a web application using django 2.0 and django-rest-framework. In my web app, I've been using django-rest-framework's SessionAuthentication.

I'm in the early stages of building out a supporting mobile app and based on my findings so far, there's a lot of value in doing the extra work to implement some sort of OAuth authentication:

• django swift login system
• https://yeti.co/blog/oauth2-with-django-rest-framework/

I was hoping to use django-oath-toolkit for this, but I noticed in the docs that there's no django 2.x support. I want to avoid refactoring my app using django 1.x, so two questions:

1. Has anyone used django-oath-toolkit successfully for django 2.x? (It appears that at least some people have tried it.) Am I exposing my app to security risks if I go this route?
2. Are there any alternatives to django-oath-toolkit? Or am I wrong in my conclusion that a secure mobile application needs to use OAuth for authentication? (That conclusion was primarily drawn via this Stack Overflow answer.)

Answer 1

The docs might be out of date. If you look at official repo release notes, you can see it supports django 2.x starting from 1.2.0

Ref: https://github.com/jazzband/django-oauth-toolkit/blob/master/CHANGELOG.md#120-2018-06-03