Migrate Authentication from Django Sessions to JWT

Description / Overview

Migrate the existing Django Session Authentication to a JSON Web Token (JWT) based one.

Use cases

Migrating to a JWT-based authentication provides several benefits:

  • Since the token is not stored as a cookie, the API is not vulnerable to CSRF
  • Unless the token is stored in e.g. localStorage, the user will be automatically logged out once he closes the app (I see this as a feature)

Links / references

https://github.com/GetBlimp/django-rest-framework-jwt

http://blog.apcelent.com/json-web-token-tutorial-with-example-in-python.html

Migration checklist

  • Add djangorestframework-jwt as a dependency
  • Define API endpoints to obtain tokens (use rest_framework_jwt.views.obtain_jwt_token)
  • Change default.py accordingly
Edited by robinwilliam.hundt
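
The token issue and check that the checklist above relies on, written out with the standard library as an added example; it is not part of the original issue and not djangorestframework-jwt's code. `SECRET`, `LIFETIME`, `issue_token` and `authenticate` are hypothetical names, and the `JWT` header prefix and the `username`/`exp` claims are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: stands in for the server-side signing key
LIFETIME = 300                       # assumption: token lifetime in seconds

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(username, now=None):
    """What the token endpoint hands back once the password has been checked."""
    now = time.time() if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps({"username": username, "exp": int(now) + LIFETIME}).encode())
    return header + "." + payload + "." + sign(header + "." + payload)

def authenticate(authorization, now=None):
    """Return the username for a valid Authorization header value, else None."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme != "JWT" or token.count(".") != 2:
        return None
    header, payload, signature = token.split(".")
    try:
        # Pin the algorithm: never let the token choose how it is verified.
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(signature, sign(header + "." + payload)):
            return None
        claims = json.loads(b64d(payload))
        if claims["exp"] <= now:  # expired tokens are rejected
            return None
        return claims["username"]
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

if __name__ == "__main__":
    token = issue_token("alice")
    print(authenticate("JWT " + token))              # valid header value
    print(authenticate("JWT " + token[:-2] + "xx"))  # altered signature
```

Because the client has to attach the header value itself, a request made without it authenticates as nobody, which is the property the CSRF point above depends on.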