
DRF Authentication

Protect DRF endpoints with SimpleJWT and IsAuthenticatedOrReadOnly permissions.

DRF Authentication and Permissions

pip install djangorestframework-simplejwt

# settings.py
REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework_simplejwt.authentication.JWTAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
    "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
    "PAGE_SIZE": 20,
}

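# urls.py
from django.urls import path
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView

# Appended to the project's existing urlpatterns list.
urlpatterns += [
    # POST credentials here to receive an access/refresh token pair.
    path("api/token/",         TokenObtainPairView.as_view()),
    # POST a refresh token here to receive a new access token.
    path("api/token/refresh/", TokenRefreshView.as_view()),
]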

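# Custom permission
from rest_framework import permissions

class IsOwnerOrReadOnly(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        # Read-only methods (GET, HEAD, OPTIONS) are allowed for everyone.
        if request.method in permissions.SAFE_METHODS:
            return True
        # Writes are allowed only for the object's author.
        return obj.author == request.user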
Topic Quiz · 2 questions

Test your understanding before moving on

1. What does the IsAuthenticatedOrReadOnly permission class do?
💡 This is the classic public read/protected write pattern for APIs.
2. What does has_object_permission() check?
💡 has_object_permission() is called for operations on a specific object.