Django-rest-auth use cookie instead of Authorization header
I would override the authenticate method of TokenAuthentication
, assuming the token is in auth_token
cookie:
class TokenAuthSupportCookie(TokenAuthentication): """ Extend the TokenAuthentication class to support cookie based authentication """ def authenticate(self, request): # Check if 'auth_token' is in the request cookies. # Give precedence to 'Authorization' header. if 'auth_token' in request.COOKIES and \ 'HTTP_AUTHORIZATION' not in request.META: return self.authenticate_credentials( request.COOKIES.get('auth_token').encode("utf-8") ) return super().authenticate(request)
Then set django-rest-framework to use that class in settings:
REST_FRAMEWORK = { # other settings... 'DEFAULT_AUTHENTICATION_CLASSES': ( '<path>.TokenAuthSupportCookie', ),}