I want to create a login form for users to sign into a django site. The site is set up using django rest framework and I am considering having the login form make a request through the site's api.
In the past I have just used a standard django form for user logins. I am concerned that if the new login form sends the request through the site's API instead, there might be a security vulnerability of some sort. However I don't know if this is true, or what the issue with security might actually be.
Should I stick with django forms for authenticating users? Or is it safe to sign users in through the api?
Keep in mind using a Django form will only allow you to use SessionAuthentication under DRF - more notes here. Short of it is to use the Django LoginViews when creating login pages, and the notes on using CSRF tokens if you do use Session Auth with DRF. http://www.django-rest-framework.org/api-guide/authentication/#sessionauthentication
How is the rest of the site set up? Is it an single page app that just happens to be using DRF?