How to return refresh token as http only cookie from email verification endpoint

Question

I have a DRF API that uses dj_rest_auth with JWT tokens and a React frontend. The project is configured to send the refresh token as an HTTP only cookie.

When a user registers they have to validate their email. Ideally I would like the verify email endpoint provided by dj_rest_auth to set the refresh token cookie, so the user is logged in.

I found a configuration option called: LOGIN_ON_EMAIL_CONFIRMATION but it doesn't seem to do what I need it to do. Perhaps it affects the default confirmation template which I am not using.

score 0 · Answer 1 · answered Aug 16 '22 at 22:47

After a fair bit of tinkering, I managed to get it working with this.

from rest_framework_simplejwt.tokens import RefreshToken, AccessToken
from django.conf import settings
from dj_rest_auth.registration.views import VerifyEmailView

class VerifyAndLoginView(VerifyEmailView):
    def post(self, request):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        self.kwargs['key'] = serializer.validated_data['key']
        confirmation = self.get_object()
        confirmation.confirm(self.request)
        user = confirmation.email_address.user
        refresh = RefreshToken.for_user(user)
        access = AccessToken.for_user(user)
        response = Response(status=status.HTTP_200_OK, data={
            "access": str(access), 
        })
        response.set_cookie(
            settings.JWT_AUTH_REFRESH_COOKIE,
            refresh,
            httponly=True,
        )
        return response

I'm not entirely satisfied with it. I feel like there must be a configuration option that I am missing. But it does work.

How to return refresh token as http only cookie from email verification endpoint

1 Answers1