由deafult DRF不支持查询字符串进行身份验证,但您可以轻松地覆盖TokenAuthentication
类中的authenticate
方法来支持它。
一个例子是:
class TokenAuthSupportQueryString(TokenAuthentication):
"""
Extend the TokenAuthentication class to support querystring authentication
in the form of "http://www.example.com/?auth_token=<token_key>"
"""
def authenticate(self, request):
# Check if 'token_auth' is in the request query params.
# Give precedence to 'Authorization' header.
if 'auth_token' in request.QUERY_PARAMS and \
'HTTP_AUTHORIZATION' not in request.META:
return self.authenticate_credentials(request.QUERY_PARAMS.get('auth_token'))
else:
return super(TokenAuthSupportQueryString, self).authenticate(request)