From cd47d6d21c16ec74f211d2eacfcdff5ae00538b6 Mon Sep 17 00:00:00 2001
From: Girish <girishkumarkh@gmail.com>
Date: Wed, 24 Feb 2016 19:04:31 +0000
Subject: [PATCH] Fixed issues #159 #164 CSRF Failed

Fixes: https://github.com/Tivix/django-rest-auth/issues/159 and https://github.com/Tivix/django-rest-auth/issues/164
---
 docs/installation.rst | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/docs/installation.rst b/docs/installation.rst
index 60b47ca..9d1807d 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -20,9 +20,30 @@ Installation
     )
 
 
-.. note:: This project depends on ``django-rest-framework`` library, so install it if you haven't done yet. Make sure also you have installed ``rest_framework`` and ``rest_framework.authtoken`` apps
+.. note:: This project depends on ``django-rest-framework`` library, so install it if you haven't done yet. Make sure also you have ``rest_framework`` and ``rest_framework.authtoken`` added in INSTALLED_APPS
 
-3. Add rest_auth urls:
+3. Remove ``SessionAuthentication`` auth to ``TokenAuthentication``:
+Since this will be a API call form an external service, each API request is passed with a token (or key) to identify users. So we should use ``TokenAuthentication`` instead.
+
+.. code-block:: python
+
+    REST_FRAMEWORK = {
+        'DEFAULT_AUTHENTICATION_CLASSES': (
+            'rest_framework.authentication.SessionAuthentication', # Remove this!
+        )
+    }
+    
+replace with ``rest_framework.authentication.TokenAuthentication``
+
+.. code-block:: python
+
+    REST_FRAMEWORK = {
+        'DEFAULT_AUTHENTICATION_CLASSES': (
+            'rest_framework.authentication.TokenAuthentication',  # Add this instead
+        )
+    }
+
+4. Add rest_auth urls:
 
 .. code-block:: python