django TokenAuthentication is key always unique inside the authtoken_token table?

Question

I am using:

http://www.django-rest-framework.org/api-guide/authentication#tokenauthentication

In my design this question is crucial:

django TokenAuthentication is key always unique inside the authtoken_token table

I have had a look on database table in mysql. It seems that it should be unique. Correct me if I am wrong.

Answer 1

It should be unique yes, as you can see here it uses os.urandom wrapped inside binascii.hexlify which in turn provides 40 chars randomly which should be enough to prevent clashes.

If you want to be absolutely sure though, combine the user id with the token in the url since the user_id is flagged as unique in the db you can rest assure that there are no doubles.