REST API Token Authentication for Mobile Apps
Рет қаралды 107,660
Күн бұрын
@ethemguner6808 4 жыл бұрын
Man, I learnt Django with myself. I built a few website for my school. Now I'm working with my school's IT department. I need to learn Rest API. I was thinking to buy course from Udemy but I found you. You're the best! Thanks for all videos you uploaded.
@bertrandfossung1216 3 жыл бұрын
Man you’re a life saver. I’ve been browsing the internet for this for quite sometime now. Good thing you make Mobile Rest API explanation so simple. Thank you very much. 🙏🏾🙏🏾🙏🏾
@jatinsachdev 5 жыл бұрын
Mitch - Authorization Key is different from tokens. Auth token concept is based on oAuth specification. Please correct me if I am wrong. Access tokens + refresh tokens are generated when you authenticate. Access token expires then refresh token is used to regenerate access token.
@codingwithmitch 5 жыл бұрын
Django rest framework token auth is as I explained in this video. There is many ways to authenticate. This is one of them
@codingwithmitch 5 жыл бұрын
The food2fork auth method is slightly different if that's what you meant. It was just meant to be an example
@gauravshinde6559 4 жыл бұрын
Thanks a lot... I was struggling to understand this concept and I am currently building project with flutter and django backend.... So looking forward for your series
@ravronz9677 3 жыл бұрын
very clean explaination thanks so much for your effort.
@aromatastore9597 4 жыл бұрын
Hey Mitch why some frameworks generate the api_token upon registration of the user ? And one more question api_tokens can be used only for Authentication and not for authorization right ? I mean if i have to get data for a specific user ill do it with the old way upon login i'll fetch from db his user_id and then store it in a session for later use for the queries right ? Or i could use JWT..
@jaakkooksa5374 4 жыл бұрын
Passing the API key in the query string does not seem terribly secure :-)
@Ibrahim_usman 5 жыл бұрын
Hello, can you consider doing something on JWT Bearer token with mobile app? I'm yet to see someone build a Rest api with Refresh tokens
@codingwithmitch 5 жыл бұрын
What do you mean by refresh tokens? You mean one that refreshes every day or hour or something?
@Ibrahim_usman 5 жыл бұрын
CodingWithMitch More like once you login, two tokens are generated. An access token that grants the user access and a refresh token to use and generate a new access token when the previous one expires. Let’s say an access token will take 7 days to expire, but the refresh token can take 100days to expire. Within that 100days the app can generate multiple access tokens without the user having to login again. I read that it helps with security and the User Experience if you’re designing an app where the user can afford not to login too often. I’m not yet really good at using it but if u want an example you can take a look at how firebase uses Access and refresh token for app authentication. Hope this helps
@buzzminkyunghoon3856 5 жыл бұрын
Yeah I have seen refresh token in Facebook authentication oauth2
@kaizen960 Жыл бұрын
Dude thanks for sharing ur knowledge! You helping thousands of people.
@bikerflyer563 4 жыл бұрын
yes you are one of the best teachers i have found!
@SaminAliMondal 5 жыл бұрын
But the difference is, Firebase automatically give data to app by listener. But our manual created rest apis not. We need to call api, to check updates. Sometime I got too many request error from Retrofit for checking updates. I'm talking about chat application, which I'm building.
@NirmalyaSaha 4 жыл бұрын
I'm using MS Adal plugins for a Ionic3 project and its validate user from azure. Now, If I follow the below steps, Logged in the app after the sso validation and close the app. I change the password from a web browser. Now, I again open the app. then, the app is opening without validating the JWT access token. For a browser, the browser itself do all the validation for SSO authentication. We don't need to remember the accessToken in the application. But a mobile app is standalone application. So, is there a way to validate and renew the JWT access token for mobile app? OR could I validate and renew the JWT access token via dot net api?
@navalhasan4831 2 жыл бұрын
We can create Auth token by using firebase right? So when we do that from mobile, How the authentication is happening? I mean how does the server team knows this is the right token?
@erickariuki5169 4 жыл бұрын
I wish I had the ability to subscribe twice to this channel.
@randy4443 4 жыл бұрын
Hi Mitch, I am wondering if you are able to filter an API? For example, if an API provides media(photo and video) but you only want to retrieve photos, is this possible?
@kingkesylo8516 4 жыл бұрын
MANNNN YOU ARE THE BEST OF BESTS. THANK YOU VERY MUUUUUUUUUUUUUUUUUUUCH
@bhaveshagarwal6509 5 жыл бұрын
Hey Mitch Can u tell me how to delete the token when the user logged out from the app.
@codingwithmitch 5 жыл бұрын
token.delete()
@bhaveshagarwal6509 5 жыл бұрын
@@codingwithmitch Is it necessary to delete token manually or it gets automatically deleted when the user log out from the app when we are using authtoken
@codingwithmitch 5 жыл бұрын
@@bhaveshagarwal6509 It does not get automatically deleted. If you want to generate a new one upon every login, you should delete it when they logout or something.
@bhaveshagarwal6509 5 жыл бұрын
@@codingwithmitch Ok, thanks mitch :)
@burakataseven2595 5 жыл бұрын
Let's say i built a mobile app which logins into your api receives token and uses your api. Is there a way you could prevent me using your api ?
@codingwithmitch 5 жыл бұрын
Yes. Only members on codingwithmitch will have a valid token
@junekatunge9594 2 жыл бұрын
what is a slug and do i need it in my project?
@vkashpoudel8771 3 жыл бұрын
Like how to expire these api key for the users for a 3 month time and the users have to request again for the key
@riteshranjan4462 3 жыл бұрын
Can you help me with APIMEDIC api authentication? I am currently doing a project. And I am stuck in it for 2 days. I need urgent help.
@mykalimba 5 жыл бұрын
Many people are reluctant to provide an email/password combination to use a mobile app (think shopping apps like Target, etc.). Is there a way to authenticate "anonymously" (perhaps using information about the device) such that the server knows who you are (and what's in your shopping cart) every time you run the app (assuming on the same device)?
@PeteMidg 2 жыл бұрын
Yes, for certain things you (as the programmer) want to authorise behind the scenes to a (for example) azure active directory protected api, and I think that the only way to do that is with one dedicated userId that is registered with your own azure AD. That covers the ‘anonymous’ use, and you can then have a ‘logged in’ part of the app where it is a personal account that the customer has set up. Thoughts?
@ashwinkumarsariwal6321 3 жыл бұрын
Hey Mitch, is there a way so that only our project can use the Rest API, not any other website should access the rest API?
@codingwithmitch 3 жыл бұрын
Ya through the authentication. Only users with a valid token can access the API
@ashwinkumarsariwal6321 3 жыл бұрын
@@codingwithmitch thank you for your reply, I wanted to ask what if the website does not have any user creation, and I want only my website to consume the django rest api that is created in the same project.
@codingwithmitch 3 жыл бұрын
@@ashwinkumarsariwal6321 you need something to differentiate the things you want to use the Api with the things that can't. Check out the different forms of authentication in the Django rest framework docs
@ashwinkumarsariwal6321 3 жыл бұрын
@@codingwithmitch thank you for your help, I hope this will work, you are the best🔥
@buzzminkyunghoon3856 5 жыл бұрын
Wow. This has 1k already in one day. Others got like 100 views. What keyword triggered?
@codingwithmitch 5 жыл бұрын
Not sure. But generally the Django videos don't do well. I think this one did good because it's not as django specific
@buzzminkyunghoon3856 5 жыл бұрын
@@codingwithmitch Yeah and also probably includes "Mobile apps" ofcourse
@Денис-ж3ф5р 2 жыл бұрын
Why does your PostMan look like that?
@vkashpoudel8771 3 жыл бұрын
how can we provide random generated password and validate to 3 moths of time farme and then that password expires.please could you help me out. I am confused
@ahmadmohammad7419 4 жыл бұрын
Thank you so much for making such a great course
@sayedaliyahyaazhar4218 4 жыл бұрын
how can I secure my Google Map API key in android?
@stockmarketinusa1251 2 жыл бұрын
HOW TO CONNECT API BETWEEN WEBSITE AND DESKTOP APP
@murodalisharipov5929 3 жыл бұрын
how do you store the token in android app?
@rayaangrewal1035 5 жыл бұрын
8:42 TRUE AF !!!
@riteshkumartiwari153 5 жыл бұрын
Awesome
@andrews13 2 жыл бұрын
4:55
@kokimycat 5 жыл бұрын
My facebook account has been disabled without reason,can you help me please
@andrews13 2 жыл бұрын
5:12
@ashilvass 5 жыл бұрын
😍😍😍
@anthonycalicchio9287 2 жыл бұрын
Yes
@RakibHasan-455 4 жыл бұрын
COOOOOOLLLLLL
@danfan4707 3 жыл бұрын
Food2fork has shut down!!
CodingWithMitch
Рет қаралды 95 М.
Аминка Витаминка
Рет қаралды 3,5 МЛН
Patrick God
Рет қаралды 134 М.
Manoj Deshwal
Рет қаралды 81 М.
Code Realm
Рет қаралды 490 М.
Adam La Morre
Рет қаралды 80 М.