I've been exploring REST frameworks like Django REST Framework (DRF) and Django Ninja, and I noticed that they both introduce their own layers for authentication.
DRF does it in the base class of all REST views.
Django Ninja does it in the router that wraps the views.
This creates separate libraries, like djangorestframework-simplejwt for DRF and django-ninja-simplejwt for Django Ninja.
But Django already has a good auth system with backends that work for all views. Why don’t these frameworks just use Django’s auth backends?
Is Django’s auth system missing something, or do these frameworks need extra features that Django doesn’t provide?
Both those libraries are third-party libraries. In particular, DRF has its own support structure. (This forum is not an official support channel for DRF.) See DRF Support for a listing of those areas where official support is provided. You’re likely to get a more complete answer from one of those locations.
My quick take is that the Django authentication backends expect a username / password to be submitted, and that the validated authentication (with the subsequent authorization) is stored in the session.
If you want to use some type of API key instead of the username / password combination, or if you don’t want the authentication information stored in the session, then you’re likely going to want to use a different backend.
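
The "different backend" mentioned in the answer above, as an added example (not code from the thread, Django, or DRF): a class following Django's backend interface (`authenticate(request, **credentials)` and `get_user(user_id)`) that checks an API key on every request and never writes to the session. The `Api-Key` header scheme, `ApiUser`, `authenticate_request`, `make_request` and the sample keys are assumptions, and the request and user objects are stand-ins so the block runs without Django installed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from types import SimpleNamespace

@dataclass
class ApiUser:  # stand-in for a Django user model instance (assumption)
    pk: int
    username: str
    is_active: bool = True

def _digest(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed sample data: only digests of keys are stored, never the keys.
USERS = {1: ApiUser(1, "reporting-bot"), 2: ApiUser(2, "retired-bot", is_active=False)}
KEY_DIGESTS = {_digest("k-live-123"): 1, _digest("k-old-456"): 2}

class ApiKeyBackend:
    """Follows Django's backend interface: authenticate() and get_user()."""

    def authenticate(self, request, api_key=None, **kwargs):
        if not api_key:
            return None  # not our credential type; let other backends try
        candidate = _digest(api_key)
        user_id = None
        for stored, uid in KEY_DIGESTS.items():
            if hmac.compare_digest(stored, candidate):  # constant-time compare
                user_id = uid
        user = self.get_user(user_id)
        return user if user and user.is_active else None

    def get_user(self, user_id):
        return USERS.get(user_id)

def authenticate_request(request, backend=ApiKeyBackend()):
    """Per-request check of 'Authorization: Api-Key <key>'; never writes the session."""
    scheme, _, key = request.META.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "api-key":
        return None
    return backend.authenticate(request, api_key=key.strip())

def make_request(header=None):
    """Constructed stand-in for HttpRequest: a META dict and an empty session."""
    meta = {"HTTP_AUTHORIZATION": header} if header is not None else {}
    return SimpleNamespace(META=meta, session={})
```

In a project, the class would be listed in `AUTHENTICATION_BACKENDS` and invoked through `django.contrib.auth.authenticate(request, api_key=...)` without calling `login()`, so nothing is persisted to the session.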