[spapas82]

I'd also written an article on token authentication for django: https://www.spapas.net/2021/08/25/django-token-rest-auth/ using the REST Framework's TokenAuthentication.

This is simplest thing for most cases.

The session authentication that is proposed in the article is also great but has two problems:

* It will be hacky to implement for mobile apps (it should be possible but would not be something I'd like to do, I had tried in the past and remember that I needed to jump to a lot of hoops to "pick" that session cookie)

* The cookies can't be shared between different domains (cookies be shared the same domain or between a parent and child domain, i.e api.example.com can set/get cookies from .example.com).

So you can use the SessionAuthnentication if your frontend and backend share their domain and you know that your API won't ever be used for mobiles apps. On all other cases use TokenAuthentication.

I don't have experience with JWT Authentication, however I know it can be done and is used be various apps f.e baserow: https://gitlab.com/bramw/baserow/-/blob/develop/backend/src/...