Difference between authentication classes and permission classes | Django | Page 1

molten garden Dec 10, 2024, 12:59 AM

#

What is the difference between authentication classes and permission classes, and how are they related?

glad adder Dec 10, 2024, 1:18 AM

#

well, the word "authentication" means "seeing if someone is who they say they are".

#

and the word "permission" means "seeing if someone is allowed to do something".

#

so you generally want to do both: first, figure out if someone is who they say they are (and if not, you tell them to drop dead); then once you're sure you know who they are, you see if they are allowed to do the thing they're trying to do.

molten garden Dec 10, 2024, 2:09 AM

#

But how "IsAuthenticated" class connects to "JWTAuthentication"? What is the code flow?

glad adder Dec 10, 2024, 3:07 PM

#

no idea. Never heard of those classes.

#

django has an is_authenticated method, fwiw

Django Project

django.contrib.auth | Django documentation

The web framework for perfectionists with deadlines.

lucid juniper Dec 10, 2024, 3:09 PM

#

I assume you're talking about DRF's IsAuthenticated permission class? That just checks whether request.user.is_authenticated is True

lucid juniper Dec 10, 2024, 3:10 PM

#

glad adder django has [an is_authenticated *method*](https://docs.djangoproject.com/en/5.1/...

attribute, if we're being picky about terms 😆

glad adder Dec 10, 2024, 3:10 PM

#

are we? 🤔

half tulip Dec 10, 2024, 5:58 PM

#

property? 🙉

#Difference between authentication classes and permission classes