
This is a higher-level conceptual question. I use token authentication on my Django-React app, and I handle the token by saving it to, retrieving it from, and removing it from local storage as necessary. The flow is sort of like this:

  1. user registers - generate token and save it to local storage
  2. user logs in - same thing
  3. user logs out - token is destroyed and removed from local storage

The external API I use also uses token authentication; however, I would like to treat it differently so as to enhance the user experience. I do not want (aka it is not correct) to generate a new token for the external API every time the user logs in. Upon logging in, I would like to retrieve the previously generated token from somewhere, preferably local storage. Saving a token like this in local storage when the user is not logged in is also bad practice. Where is a good place to save this token? Right away I think my Django server. However, I feel like it is overkill to generate a whole model for it, or even to create a new attribute for my user, since I would have to create a custom user model (I am using the built-in user model from Django). So...thoughts?

  • Save token in cookies. You can always generate the same token. Commented Sep 8, 2020 at 20:01
  • You can save the token to `request.session` and delete that session with the logout process. Then check for something like `try: request.session["token"] == token except ...` and create a new one if it does not exist. Check for `'django.contrib.sessions.middleware.SessionMiddleware'` in the middleware. Commented Sep 8, 2020 at 20:07
