The Django API is powering a single-page app, so while there are tokens
instead of sessions, from the user's point of view there is an explicit login
process to grab a signed token. I wanted to hook into the corresponding
signal to log these login events. It's probably better if I do it inside my
l

Are you sure you need to depend on users "logging in" through an API? Most
authentication methods used in APIs are stateless and there is no explicit
login and logout process. You either include the credentials (be it bearer
token, auth header, custom data or whatever) or not. The credentials ar

You are right. I was confusing the login view with the login method. The
more concrete problem was that Django REST framework calls authenticate
directly and user_login_failed is sent but never user_logged_in. I realize
though that some of the authentication methods provided by an API don't
hav

On Thursday, January 12, 2017 at 11:16:01 PM UTC+1, Federico Bond wrote:
>
> Since backends may call authenticate directly without going through login,
> perhaps it would be best to move the user_login_failed to `login` and let
> custom backends implement both signals manually if they need them

While working on a project that calls the `authenticate` function from
contrib.auth directly, I noticed that the user_login_failed signal is sent
from it but not user_logged_in.
I looked into the code and indeed, the user_logged_in signal is only sent
from the higher-level `login` function. I w