Problem

You might use multiple authentication scheme in DRF, for meeting your requirements such as Session, Token, Basic(username and password) Authentication etc.. However it is not that simple to use multiple authentications, because it is not applied for your every APIs, It is changing belong to your type of response.

Although multiple authentication schemes may be in use, only one scheme may be used to determine the type of response. - DRF docs

But In many cases, you want to use those authentication classes in a single request(somebody will say it is not a good practice). That means that you should write your own custom Authentication class.

When I need to use custom Authentication?

1. I want to mix it up in a single class!

   • oh yeah fine, but you should keep the type of your request/response.
   • Or you can check the types in your custom class.

2. I have to classify the tokens not by users, but devices! (or anything)