python django django-rest-framework django-authentication django-rest-auth

Password hash using django-rest-framework?


I figured out that django-auth hashes passwords by default with a random salt in the background: https://docs.djangoproject.com/en/2.1/topics/auth/passwords/

However, I am not quite sure yet what the difference is between django-auth and django-rest-auth.

And I could not find information whether django-rest-auth will also hash and salt passwords automatically.

Could someone explain what exactly the differences are between django-auth and django-rest-auth, when to choose which and why there are two libraries for the same problem?

It is quite confusing for me as a beginner.


Solution

  • django-rest-auth's documentation explains the purpose of the project pretty well:

    Since the introduction of django-rest-framework, Django apps have been able to serve up app-level REST API endpoints. As a result, we saw a lot of instances where developers implemented their own REST registration API endpoints here and there, snippets, and so on. We aim to solve this demand by providing django-rest-auth, a set of REST API endpoints to handle User Registration and Authentication tasks. By having these API endpoints, your client apps such as AngularJS, iOS, Android, and others can communicate to your Django backend site independently via REST APIs for User Management. Of course, we’ll add more API endpoints as we see the demand.

    The project exists to provide a set of common API endpoints for authentication. It doesn't handle authentication tasks itself, so it doesn't have to worry about things like password hashing.

    For example, its PasswordChangeSerializer uses the SetPasswordForm from django.contrib.auth. It gets to use all the good stuff that Django's built-in auth framework provides.
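As an added illustration (not code from the original post, Django, or django-rest-auth), this standard-library sketch mimics the `algorithm$iterations$salt$hash` layout of Django's PBKDF2-SHA256 hasher to show what a random per-password salt does to the stored value. The names `make_hash` and `verify`, the iteration count and the salt length are assumptions of this sketch; in a real project the hashing is done by Django's own `set_password()` and `check_password()`.

```python
import base64
import hashlib
import hmac
import secrets
import string

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 120_000  # assumed work factor for this sketch
SALT_CHARS = string.ascii_letters + string.digits
SALT_LENGTH = 12      # assumed salt length for this sketch


def make_hash(password, salt=None, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt$b64digest'; a fresh random salt is drawn if none is given."""
    if salt is None:
        salt = "".join(secrets.choice(SALT_CHARS) for _ in range(SALT_LENGTH))
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"{ALGORITHM}${iterations}${salt}${base64.b64encode(digest).decode('ascii')}"


def verify(password, encoded):
    """Recompute the hash with the stored salt and iterations, then compare in constant time."""
    try:
        algorithm, iterations, salt, _ = encoded.split("$", 3)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed stored value
    if algorithm != ALGORITHM or iterations < 1:
        return False
    candidate = make_hash(password, salt, iterations)
    return hmac.compare_digest(candidate.encode(), encoded.encode())


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample input
    first, second = make_hash(password), make_hash(password)
    print(first)
    print(second)  # same password, different salt, different stored value
    print(verify(password, first), verify("wrong guess", first))
```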