django-rest-framework-jwt

Django JWT authentication - user is anonymous in middleware

阅读更多关于 Django JWT authentication - user is anonymous in middleware

问题 I am using Django JWT to power up authentication system in my project. Also, I have a middleware, and the problem is that inside it, the user is anonymous for some reason, while in the view I am able to access the correct user by request.user . This issue is driving me crazy because some time ago this code worked perfectly ! Is this JWT's bug or I am doing something wrong ? class TimezoneMiddleware(MiddlewareMixin): def process_request(self, request): # request.user is ANONYMOUS HERE !!!! if

Django-rest-auth use cookie instead of Authorization header

阅读更多关于 Django-rest-auth use cookie instead of Authorization header

问题 I want to build the SPA application using Django Rest Framework as a back-end. The application will use Token authentication. For maximum security, I want to store the authentication token inside of httpOnly cookie, so it will not be accessible from javascript. However, because the cookie is not accessible from the javascript, I am not able to set the 'Authorization: Token ...' header. So, my question is, can I make the DRF auth system (or Django-Rest-Knox/Django-Rest-JWT) to read the

'AnonymousUser' object has no attribute 'is_admin'

阅读更多关于 'AnonymousUser' object has no attribute 'is_admin'

问题 I am using Django 2.2 and Python 3.6. I deployed a Django REST server using AWS EB, but I get the following error. It works fine on the local side, but an error occurs in the EB instance. As a result of my analysis, request.user is recognized normally on the local, but on the EB it is marked as an anonymous user. I am using the same code, but why does this happen? REST_FRAMEWORK = { "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination", "PAGE_SIZE": 10, "DEFAULT

How to return custom data with Access and Refresh Tokens to identify users in Django Rest Framework simple JWT?

阅读更多关于 How to return custom data with Access and Refresh Tokens to identify users in Django Rest Framework simple JWT?

问题 In Django, superuser can add more user according to their roll. I'm using simple JWT with DRF for authentication. But it is impossible to detect the type of user only by seeing the Access and Refresh Tokens. Here are my settings.py file REST_FRAMEWORK = { 'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated',), 'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework_simplejwt.authentication.JWTAuthentication',), } urls.py from django.contrib import admin from django.urls

How to return custom data with Access and Refresh Tokens to identify users in Django Rest Framework simple JWT?

阅读更多关于 How to return custom data with Access and Refresh Tokens to identify users in Django Rest Framework simple JWT?

Django DRF Update User

阅读更多关于 Django DRF Update User

问题 Im trying to create an api using the Django-Rest-Framework (DRF) to CRUD a User. I have managed to create and read a user, but for some reason update will not work. It seems to be that it is trying to create a User rather than update it as it responds with a 'username already exists' error message. When I try passing an email that isn't already in the database it just creates a new user. Does anyone know why this is happening? Here is my User Serializer: class UserSerializer

Django rest framework JWT and custom authentication backend

阅读更多关于 Django rest framework JWT and custom authentication backend

问题 I have a custom user model and have created a custom authentication backend. I am using django rest framework, and django rest framework JWT for token authentication. User model: class User(AbstractBaseUser, PermissionsMixin): email = models.EmailField( unique=True, max_length=254, ) first_name = models.CharField(max_length=15) last_name = models.CharField(max_length=15) mobile = models.IntegerField(unique=True) date_joined = models.DateTimeField(default=timezone.now) is_active = models

Modifying jwt access token expiry time in django using simplejwt module

阅读更多关于 Modifying jwt access token expiry time in django using simplejwt module

问题 from rest_framework_simplejwt.serializers import TokenObtainPairSerializer from rest_framework_simplejwt.views import TokenObtainPairView from rest_framework_simplejwt.utils import datetime_to_epoch SUPERUSER_LIFETIME = datetime.timedelta(minutes=1) class MyTokenObtainPairSerializer(TokenObtainPairSerializer): @classmethod def get_token(cls, user): token = super(MyTokenObtainPairSerializer, cls).get_token(user) token['name'] = user.username token['user_id'] = user.id if user.is_superuser:

Django REST JWT Refresh

阅读更多关于 Django REST JWT Refresh

问题 Implemented Django REST and authentication using JWT. For JWT token we have to refresh it before it expire. After expired JWT wont give new token. For my mobile device I need to refresh the token every 10 mins (JWT_EXPIRATION_DELTA). and if user is not active for more than 10 minutes, then I need to ask to login. Is there any way that I can refresh the token even after JWT token expired. (we can limit the time to refresh as 2 day) Whats the best way to handle this behavior in Mobile. Thanks.

Django REST JWT Refresh

阅读更多关于 Django REST JWT Refresh

Implemented Django REST and authentication using JWT. For JWT token we have to refresh it before it expire. After expired JWT wont give new token. For my mobile device I need to refresh the token every 10 mins (JWT_EXPIRATION_DELTA). and if user is not active for more than 10 minutes, then I need to ask to login. Is there any way that I can refresh the token even after JWT token expired. (we can limit the time to refresh as 2 day) Whats the best way to handle this behavior in Mobile. Thanks. You can use refresh tokens, as defined in Oauth2.0 Refresh tokens are credentials used to obtain access