Questions tagged [django-rest-framework-jwt]

213 questions
19 votes, 4 answers

Logout Django Rest Framework JWT

I want to ask if it's a good idea to log out when I'm using JWT. To log in, I send a POST request with username and password to get the desired token (saved into localStorage) which will allow me to send further requests to views that require the…
15 votes, 3 answers

How to return custom data with Access and Refresh Tokens to identify users in Django Rest Framework simple JWT?

In Django, a superuser can add more users according to their role. I'm using simple JWT with DRF for authentication. But it is impossible to detect the type of user only by seeing the Access and Refresh Tokens. Here are my settings.py…
deepto
15 votes, 1 answer

Django-rest-auth use cookie instead of Authorization header

I want to build an SPA application using Django Rest Framework as a back-end. The application will use Token authentication. For maximum security, I want to store the authentication token inside an httpOnly cookie, so it will not be accessible from…
12 votes, 1 answer

Modifying jwt access token expiry time in django using simplejwt module

from rest_framework_simplejwt.serializers import TokenObtainPairSerializer from rest_framework_simplejwt.views import TokenObtainPairView from rest_framework_simplejwt.utils import datetime_to_epoch SUPERUSER_LIFETIME =…
11 votes, 4 answers

type object 'User' has no attribute 'objects django

I am trying to get a list of users from the API with a JWT token, so I generated the token with email and pass and am trying to make a GET request with the token, but I get this error: File…
9 votes, 3 answers

How to store JWT tokens in HttpOnly cookies with DRF djangorestframework-simplejwt package?

I've been using djangorestframework-simplejwt for a while and now I want to store the JWT in the cookies (instead of localStorage or front-end states) so that every request that the client makes contains the token. So I did some research on it and…
8 votes, 2 answers

Django JWT authentication - user is anonymous in middleware

I am using Django JWT to power up authentication system in my project. Also, I have a middleware, and the problem is that inside it, the user is anonymous for some reason, while in the view I am able to access the correct user by request.user. This…
Edgar Navasardyan
8 votes, 1 answer

Difference between JWT token expiration_delta and JWT Refresh Expiration Delta django jwt

I am using Django REST framework's JWT library http://getblimp.github.io/django-rest-framework-jwt/. There are two settings on JWT token expiration: JWT_EXPIRATION_DELTA, which is in seconds. The docs on it: You can turn off expiration time verification…
user9487981
8 votes, 2 answers

Validate and get the user using the jwt token inside a view or consumer

I am using django-rest-framework for the REST API. Also, for JSON web token authentication I am using django-rest-framework-jwt. After a successful login, the user is provided with a token. I have found how to verify a token with the api call, but…
Robin
8 votes, 2 answers

Django REST JWT Refresh

Implemented Django REST and authentication using JWT. For the JWT token, we have to refresh it before it expires. After it has expired, JWT won't give a new token. For my mobile device I need to refresh the token every 10 mins (JWT_EXPIRATION_DELTA), and if user…
Karesh A
7 votes, 1 answer

Is one authentication method more secure for a Django DRF backend?

I want to use the most secure method to store my logged-in user's session in a cookie. The backend is built on Django & DRF, so I'm choosing between the simplejwt plugin for token auth or Django's default SessionAuth. The frontend isn't an SPA, but will…
7 votes, 3 answers

Relogin after N minutes with django and JWT

Scenario: I want a user to re-login when passing to a security-sensitive area after N minutes, e.g. when the user is about to pay an order but logged in 1 hour ago, I would like to be sure it's him. This by using rest_framework_jwt. Long…
6 votes, 1 answer

Is it possible to put the TokenObtainPairView (django-rest-framework-simplejwt) endpoint in Api Root on DRF?

Consider the code below (in urls.py): router = DefaultRouter() router.register('my-endpoint', MyViewSet, basename='mybasename') urlpatterns = [ path('api/v1/', include(router.urls)), path('api/token/', TokenObtainPairView.as_view(),…
Sidon
6 votes, 1 answer

Unauthorized response to POST request in Django Rest Framework with JWT Token

I am building a REST API with Django Rest Framework. I currently have an issue where some of my endpoints return HTTP 401 Unauthorized, whereas the vast majority of my endpoints return correct responses. For authentication I am using JWT tokens with…
6 votes, 1 answer

Django jwt middleware for channels websocket authentication

I'm trying to set an authentication middleware for Django Channels. I want this middleware to be active only for websocket requests. It seems that in this case I don't get full middleware functionality. For example, I can't get response =…