
Comments (6)

apragacz commented on May 21, 2024

@chriggi
Yes, currently that's the way to do it. You need to perform 2 separate API calls.

Theoretically you could return profile data in the login view, but you have to remember that in the case of token-based authentication you need to return the token as well. There is no canonical way for this to work: either you mix the token into the profile data, which spoils the schema, or you provide an additional ugly data "envelope" (a JSON dict, I suppose) to separate the token and profile data.

I'm not a fan of mixing responsibilities of API endpoints. Django REST Registration allows only one exception for this case, which is 'REGISTER_VERIFICATION_AUTO_LOGIN' (which is opt-in). In this case the reason for having the login functionality in register verification was functional, not technical: the user can be logged in automatically after verification and he does not have to re-enter the password.

In the case of returning profile data in login, the only advantage I see is technical (there is 1 request instead of 2). The user who is trying to log in does not care about that.

from django-rest-registration.

jatinkaushik commented on May 21, 2024

I am using the API through AJAX. I logged in and got this: '{ "detail": "Login successful" }', but the problem is that when I call the profile API it shows me an error that I am not authenticated, and in Chrome developer tools I am not able to see any sessionid or csrftoken cookies. I am unable to solve this problem; please tell me the solution. I explained it on Stack Overflow and I am adding the link here: https://stackoverflow.com/questions/56406021/cant-set-cookies-with-ajax-and-django-rest-framework-api-but-with-postman-it-is . Please answer me as soon as possible.


apragacz commented on May 21, 2024

@Jbdealord Generally using Django sessions across different domains (like in your example localhost:63342 and localhost:8000, where you don't have same origin because the ports differ) will not work, see: https://stackoverflow.com/questions/27216556/how-to-deal-with-a-front-end-that-does-not-share-the-same-domain-in-django
At least this was my experience when I tried to use session-based authentication using two domains some time ago (AFAIR meddling with CORS didn't help).
If you're using any development server for JavaScript, you should rather configure it so that it proxies all calls to http://localhost:63342/api/... to http://localhost:8000/api/...


jatinkaushik commented on May 21, 2024

But how can the Postman API tool get cookies? Is it using a proxy? I observed one thing: when Postman sends a request to my server, it sends a csrftoken from its side, and the REST framework UI also sends a CSRF token in a header, and then they get cookies, but I don't know how I can send a CSRF token from the frontend.
I did not understand this: if I can log in and get cookies in Postman, then I can also do it, but how?


apragacz commented on May 21, 2024

@Jbdealord
I didn't use Postman a lot of time, so I don't have good experience to answer this question. It is possible that your browser has some additional security checks preventing the use of a session cookie cross-domain, as was mentioned in the SO post I linked above:

While you can work around this slightly with CORS and withCredentials, this may be blocked by default in some browsers.
https://stackoverflow.com/questions/14221722/set-cookie-on-browser-with-ajax-request-via-cors/16634941#16634941

from django-rest-registration.
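
An added example, not part of the original thread or of django-rest-registration: a simplified model of the two browser-side checks behind the setup discussed above (a page on localhost:63342 calling the API on localhost:8000). Function names, URL paths and the sample response headers are constructed for illustration; preflight, SameSite and third-party-cookie policy are not modelled.

```javascript
// Simplified model of browser credential handling for fetch/XHR; not browser source code.

// Same origin means scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// credentials: 'omit' | 'same-origin' | 'include'.
// fetch() defaults to 'same-origin'; XHR with withCredentials=true behaves like 'include'.
// When this returns false, cookies are not sent and Set-Cookie on the response is ignored.
function cookiesHandled(pageUrl, apiUrl, credentials = 'same-origin') {
  if (credentials === 'include') return true;
  return credentials === 'same-origin' && sameOrigin(pageUrl, apiUrl);
}

// CORS check: may the page's script read the response?
function responseReadable(pageUrl, apiUrl, credentials, headers) {
  if (sameOrigin(pageUrl, apiUrl)) return true;
  const pageOrigin = new URL(pageUrl).origin;
  const allowOrigin = headers['access-control-allow-origin'];
  if (!cookiesHandled(pageUrl, apiUrl, credentials)) {
    return allowOrigin === '*' || allowOrigin === pageOrigin;
  }
  // Credentialed cross-origin request: the wildcard is rejected, the exact origin is
  // required, and the server must opt in with Access-Control-Allow-Credentials: true.
  return allowOrigin === pageOrigin &&
    headers['access-control-allow-credentials'] === 'true';
}

function evaluate(pageUrl, apiUrl, credentials, headers) {
  return {
    cookies: cookiesHandled(pageUrl, apiUrl, credentials),
    readable: responseReadable(pageUrl, apiUrl, credentials, headers),
  };
}

// Constructed sample input: origins from the thread, paths and headers invented here.
const PAGE = 'http://localhost:63342/index.html';
const API = 'http://localhost:8000/api/login/';
const WILDCARD = { 'access-control-allow-origin': '*' };
const EXPLICIT = {
  'access-control-allow-origin': 'http://localhost:63342',
  'access-control-allow-credentials': 'true',
};

console.log('default + wildcard :', evaluate(PAGE, API, 'same-origin', WILDCARD));
console.log('include + wildcard :', evaluate(PAGE, API, 'include', WILDCARD));
console.log('include + explicit :', evaluate(PAGE, API, 'include', EXPLICIT));
console.log('proxied same origin:', evaluate('http://localhost:8000/', API, 'same-origin', {}));
```

The first case shows a login response that is readable while its session cookie is discarded; the last case is the proxied, same-origin setup. A desktop HTTP client such as Postman is not a web page with an origin, so neither check applies to it.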

lock commented on May 21, 2024

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
