Are you sure you need to depend on users "logging in" through an API? Most authentication methods used in APIs are stateless and there is no explicit login and logout process. You either include the credentials (be it bearer token, auth header, custom data or whatever) or not. The credentials are checked using authenticate but there is no "logging in" happening: you don't create a session, set cookies etc.
W dniu piątek, 13 stycznia 2017 00:30:11 UTC+1 użytkownik Federico Bond napisał: > > You are right. I was confusing the login view with the login method. The > more concrete problem was that Django REST framework calls authenticate > directly and user_login_failed is sent but never user_logged_in. I realize > though that some of the authentication methods provided by an API don't > have clear login semantics so it makes sense to only send failure events. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/0d3da30d-7954-46f3-bcbd-9876ca4a27ce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
