The setup is pretty simple: Instead of users, I want to authenticate a token based on a model and field that I've created. The notion here is that organizations will be issued a token, and not users, since this API isn't being consumed directly by users, but I will auth/silo data by org. All that said, I'm struggling trying to map this out as I think the auth strategies given for DRF seem to rely on the auth.user being created.
Here's an example of what I'd like to do (basically ripped from the docs):
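```python
from api.models import Organization
from rest_framework import authentication
from rest_framework import exceptions


class OrgAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        # Looks the token up in request.META. Django stores client-sent
        # headers in META under an HTTP_ prefix (e.g. HTTP_AUTH_TOKEN).
        token = request.META.get('AUTH_TOKEN')
        if not token:
            raise exceptions.AuthenticationFailed("Token missing")

        try:
            # Match the token against the organization that owns it.
            org = Organization.objects.get(auth_token=token)
            print(org)
        except Organization.DoesNotExist:
            raise exceptions.AuthenticationFailed("Token not found")

        # DRF assigns this tuple to (request.user, request.auth).
        return (org, None)
```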
In a quick brute force test this failed because my Organization model doesn't have an is_authenticated property, but I'm also not sure that I can do any of this as I'm completely bypassing the user auth setup in its entirety. I think I could register each org as a user and then use the Token setup to do all of this, but that seems to not only hack the user module and make work later if we want to use that, but also seems weird.
Are there options with DRF for token authentication against something that's not the standard user module?