I'm working on a mobile application and I need to create a token-authentication workflow.

So far I've pointed out the main token types:

  1. Token by reference, which is stored in the database, like (https://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication)

  2. Token by value, where after the user logs in, the backend returns access_token and refresh_token.

Now what's the best implementation for a mobile application? I'm not handling money or anything like that, so it's not necessary to ask the user to log in again every time they open the app. I just want to create something like Instagram or any other social-media platform.

Actually I'm using the TokenAuthentication provided by django-rest-framework, but the tokens are only 40 characters long, and they're registered in the database, so it seems not so secure.

If you have any suggestions or if you can link me to some articles, it would be really helpful.

Thank you

Paul Rock
  • 101
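
An added example, not part of the original question and not django-rest-framework's own code: a token by reference (option 1 above) built with the Python standard library, where the 40-character value comes from 20 random bytes (160 bits) and the table keeps only a SHA-256 digest plus an expiry. The class name `ReferenceTokenStore`, the in-memory dict standing in for the database table, and the 30-day lifetime are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 20            # 20 random bytes -> 40 hex characters (160 bits)
TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime in seconds (30 days)


class ReferenceTokenStore:
    """Hypothetical in-memory stand-in for a database table of opaque tokens."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_hex(TOKEN_BYTES)  # CSPRNG, not guessable
        self._rows[self._digest(token)] = (user_id, now + TOKEN_TTL)
        return token  # sent to the client once; only the digest is stored

    def authenticate(self, token, now=None):
        now = time.time() if now is None else now
        row = self._rows.get(self._digest(token))
        if row is None:
            return None  # unknown or revoked token
        user_id, expires_at = row
        if now >= expires_at:
            self.revoke(token)  # drop expired rows on first use
            return None
        return user_id

    def revoke(self, token):
        # Logout or device removal: the token stops working immediately.
        self._rows.pop(self._digest(token), None)

    def stored_values(self):
        # What someone reading the table would see: digests, never tokens.
        return list(self._rows)
```

Because lookup is by digest, a value copied out of the table cannot be replayed as a token, and revocation takes effect on the next request.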

0 Answers