0

I have a simple Django app managing user autentication and registration with dj-rest-auth and JWT. Accorging to the docs, I have set the the app to use JWT with the plugin simple-jwt with settings.py:

  • JWT_AUTH_COOKIE = 'my-app-auth'
  • JWT_AUTH_REFRESH_COOKIE = 'my-refresh-token'

Expected behaviour: Cookies should be set on /dj-rest-auth/login/ and /token/refresh

Issue: Cookies are set correctly ONLY on /dj-rest-auth/login/, but not on /token/refresh.

This issue is not something new, since it is supposed to be solved here and here.

So, I also added the suggested middleware.

Here my settings.py:

REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': [ 'dj_rest_auth.jwt_auth.JWTCookieAuthentication', ] }

REST_USE_JWT = True
JWT_AUTH_COOKIE = 'my-app-auth'
JWT_AUTH_REFRESH_COOKIE = 'my-refresh-token'

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'auth_app.middleware.MoveJWTRefreshCookieIntoTheBody'
]

and my urls.py:

from django.contrib import admin
from django.urls import path
from django.conf.urls import include, url, re_path

from auth_app import views

# JWT CONF
from rest_framework_simplejwt.views import (
    TokenRefreshView,
    TokenVerifyView,
)

from dj_rest_auth.registration.views import VerifyEmailView, RegisterView
from dj_rest_auth.views import PasswordResetConfirmView
from allauth.account.views import confirm_email

urlpatterns = [
    path('admin/', admin.site.urls),
    path('token/verify/', TokenVerifyView.as_view(), name='token_verify'),
    path('token/refresh/', TokenRefreshView().as_view(), name='token_refresh'),
    path('api/protected/', views.ProtectedView.as_view(), name='protected_view'),
    path('api/open/', views.OpenView.as_view(), name='open_view'),
    # dj-rest-auth common
    path('dj-rest-auth/', include('dj_rest_auth.urls')),
    # dj-rest-auth registration
    path('dj-rest-auth/registration/', include('dj_rest_auth.registration.urls')),
    path('dj-rest-auth/account-confirm-email/', VerifyEmailView.as_view(), name='account_email_verification_sent'),
    re_path(r'^account-confirm-email/(?P<key>[-:\w]+)/$', VerifyEmailView.as_view(),
     name='account_confirm_email'),
    path(
        'rest-auth/password/reset/confirm/<slug:uidb64>/<slug:token>/',
        PasswordResetConfirmView.as_view(), name='password_reset_confirm'
    ),
]

I have been checking my with the solutions provided for long long time, but still no cookie set on refresh endpoint. Am I missing something?

user840718
  • 1,563
  • 6
  • 29
  • 54

1 Answers1

0

I SOLVED this issue!

If anybody in future will struggle with this, here to solution: in urls.py you have to substitute the simplejwt TokenRefreshView with get_refresh_view() which belong to dj-rest-auth.

In other words, the right JWT configuration is:

# JWT CONF
from rest_framework_simplejwt.views import TokenVerifyView
from dj_rest_auth.jwt_auth import get_refresh_view
user840718
  • 1,563
  • 6
  • 29
  • 54