In my django web app, which is split into a front and and a back end project, I am currently using a custom AuthBackend class that extends django's BaseBackend, as well as DRF's UserTokenAuthentication.
Am I right to think that I only need one of these approaches? Or is there a reason to use django's login() function, even if i am using DRF's token auth? I know it stores the user in the session, so I guess that would make passing and authenticating a token pointless?
What's my best approach? Cheers :)
There are differences in both namespaces wise and purpose wise.
In Django, auth backends handle session-based authentication only whereas rest framework auth supports not only session-based auth but also token (JWT, OAuth ), and basic auth based authentication.
Besides, Django auth backends authenticate requests during passing through middle-ware and rest framework authenticate without middle-ware.
If you are planning to separate your backend and frontend then go for token-based auth. There is no reason to use the login function of Django if you only use token-based auth to authenticate.