I am using Django Rest Framework and i've included a 3rd party package called REST framework JWT Auth. It returns a token when you send a username/password to a certain route. Then the token is needed for permission to certain routes. However, how do I get the username from the token? I've looked all through the package documentation and went through StackOverflow. It is a JSON Web Token and I am assuming there is a method like username = decode_token(token) but I haven't found such a method.
Asked
Active
Viewed 3.0k times
20
OM Bharatiya
- 1,840
- 14
- 23
Gary Holiday
- 3,297
- 3
- 31
- 72
-
You have user object in request. Or you are not doing this in view? – Sardorbek Imomaliev Oct 03 '16 at 04:24
-
I am doing this in view but I am new to Django so I don't fully understand how it works. Can you elaborate? – Gary Holiday Oct 03 '16 at 05:37
-
Add your view code – Sardorbek Imomaliev Oct 03 '16 at 05:52
4 Answers
14
Basically you could do this
username = request.user.username
Sardorbek Imomaliev
- 14,861
- 2
- 51
- 63
-
2Seriously ? @sardorbek Why did you edit my code. I am using Camel Case type of coding. Is it really necessary to code with _ ?. There was no need. – Prakhar Trivedi Oct 03 '16 at 05:59
-
@PrakharTrivedi read pep8 guidlines https://www.python.org/dev/peps/pep-0008/. It is convention for python community – Sardorbek Imomaliev Oct 03 '16 at 06:00
-
3Yeah,I agree with that. But was is really necessary ? There are much better things to do than this. – Prakhar Trivedi Oct 03 '16 at 06:01
-
13@PrakharTrivedi You are answering question of beginner python developer. It is necessary to write answer which complies with python guidlines, because he will copy and paste your code and he will think that this kind of coding style is ok, which is not for our community. – Sardorbek Imomaliev Oct 03 '16 at 06:05
-
Okay Sardorbek. Duly noted (no pun intended). Will keep this in mind from next time. – Prakhar Trivedi Oct 03 '16 at 06:12
-
@PrakharTrivedi thank you) I just want StackOverflow to be as good as possible. – Sardorbek Imomaliev Oct 03 '16 at 06:19
-
Hello Sardorbek. Can you tell where to use this in your DRF Code ? In View? Serializers ? Thanks. – Sami Boudoukha Jul 20 '17 at 19:44
-
2@Addict this can be used everywhere, where `request` object is passed, but usually this is done in a view – Sardorbek Imomaliev Jul 21 '17 at 03:13
12
For me, this worked as RestFrameworkJWT is no longer maintained.
So I used the rest_framework_simplejwt package.
from rest_framework_simplejwt.backends import TokenBackend
token = request.META.get('HTTP_AUTHORIZATION', " ").split(' ')[1]
data = {'token': token}
try:
valid_data = TokenBackend(algorithm='HS256').decode(token,verify=True)
user = valid_data['user']
request.user = user
except ValidationError as v:
print("validation error", v)
Arpan Kushwaha
- 301
- 3
- 6
-
2`verifty=False` - Disabling token verification is insecure, don't do this. – validname Feb 23 '22 at 12:46
-
1
11
For me with Django (2.0.1), djangorestframework (3.7.7), djangorestframework-jwt (1.11.0).
I had to do following to get my use back user from token:
token = request.META.get('HTTP_AUTHORIZATION', " ").split(' ')[1]
print(token)
data = {'token': token}
try:
valid_data = VerifyJSONWebTokenSerializer().validate(data)
user = valid_data['user']
request.user = user
except ValidationError as v:
print("validation error", v)
Or you can write a middleware that would set user based on their token.
OM Bharatiya
- 1,840
- 14
- 23
sadaf2605
- 7,332
- 8
- 60
- 103
-
I'm getting errors can you please share ur entire middleware file – Jameel Grand Apr 02 '18 at 15:57
-
Sorry, this is not what the user has asked for. But you can visit the link, it has entire middleware. – sadaf2605 Apr 02 '18 at 16:28
2
If you are using djangorestframework_simplejwt, to get user object from JWT Token you need to do the following :
token = AccessToken(access_token)
user_id = token.payload['user_id']
user = User.objects.get(id=user_id)
This works well !!
Bhavik Agarwal
- 21
- 2