-
Notifications
You must be signed in to change notification settings - Fork 661
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for django-rest-framework-simplejwt as JWT authentication backend #430
Comments
Yes I need to implement the viewsets.ModelViewSet with authentication_classes for specific action. For example update or create new instance. Thank's in advance. |
So I don't use https://github.com/GetBlimp/django-rest-framework-jwt but I have to use django-rest-framework-simplejwt? Correct? But is possible for specific action like update or create ? |
@JoelGoh92 But I have the JWT thanks to a keycloak |
@Allan-Nava currently for our project, we're not using the rest-auth jwt setup defined in the docs. Instead, after setting up simple-jwt with the steps in the docs, and configuring the settings, we then wrote our own JWTSocialLoginView, JWTLoginView and JWTLogoutView, which were fairly simple, and used them in the required areas. However I still feel that it is better if these changes were to be supported and maintained by rest-auth instead. |
So is not possible in modelviewsets?
Inviato da iPhone
… Il giorno 09 mag 2018, alle ore 12:27, JoelGoh92 ***@***.***> ha scritto:
@Allan-Nava currently for our project, we're not using the rest-auth jwt setup defined in the docs. Instead, after setting up simple-jwt with the steps in the docs, and configuring the settings, we then wrote our own JWTSocialLoginView, JWTLoginView and JWTLogoutView, which were fairly simple, and used them in the required areas.
However I still feel that it is better if these changes were to be supported and maintained by rest-auth instead.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@Allan-Nava It may be possible, but I would not recommend the model viewsets though, because these defined view classes will be used in a similar way as to how the current LoginView/SocialLoginView/LogoutView provided by rest-auth are used, and we only need to override the rest-auth implementations' required methods for the JWT token response and usage flow. The JWT views I mentioned previously are inheriting from the respective classes rest-auth provides, e.g. class JWTSocialLoginView (SocialLoginView):
def get_response (self):
# override method(s) for JWT implementation
# get JWT token via the simple-jwt package
# return the generated token in the response This is because such a class will be reused in a similar manner, e.g. the JWTSocialLoginView defined will be used similarly to how the SocialLoginView provided by rest-auth for OAuth apps is used, other than returning the JWT token(s) in the response |
Rather there are a few reasons why this issue is raised:
|
But is possibile to use the permission class only for specific action like update or delete? |
@Allan-Nava I think the use of JWT here is more for authentication. With DRF, you can set it up pretty easily, e.g. as a default authentication class. If you're looking to implement permissions control, I would advise you to look at DRF's docs on permissions control. This should not have anything to do with whether you're using jwt as an auth mechanism. |
While |
It would be good to have |
Just throwing my support behind django-rest-framework-simplejwt. Would be a huge benefit and streamline the whole authentication workflow. Also simplejwt implements refresh and access tokens per Joel above unlike the seemingly aging regular jwt implementation. |
+1 on this. Please add support to django-rest-framework-simplejwt |
+1, I would also love to have support for simplejwt! |
+1 for the support of simplejwt |
1 similar comment
+1 for the support of simplejwt |
As per the latest status update on the |
+1 for the support of simplejwt! |
@JoelGoh92 can you please be more specific about the solution of the problem? I'm not so confident with all the LoginView/SocialLoginView/LogoutView overriding thing you suggested |
This issue is more than year old. Does someone has a PR for this or suggestion on how to implement it? I just don't want to reinvent the wheel and can work on some other issue. |
How to use django-rest-framework-simplejwt as auth backend for django-rest-auth. Note: your needs may differ slightly based on how you implemented rest-auth. First off, make sure you set simplejwt as your auth provider in settings.py:
Next, look at your urls.py for where you route the rest-auth endpoints:
You need to override the /rest-auth/login/ path with the login view from django-rest-framework-simplejwt by including it before the rest-auth urls. Here's how:
This'll get you started but there may be other routes you may need to override/create (e.g. logout). If you want the token login response to have non-default data, then you can override TokenObtainPairView with a custom serializer. Finally, because you're migrating from drf-jwt, you may need to change the auth header in settings.py to:
The above worked for me, but was specific to my use case. |
Thanks @NidalM. This is helpful. However, I'm actually going to use Simple-JWT for both email login as well as social login and I was trying to avoid writing my own end points for all the features supported by this library. |
plus 1 for simple_jwt! Commenting to follow this chain |
As many others requested... Out of the box simplejwt support would make things so much easier. It's also the suggested JWT package by DRF. |
+1 for simple JWT! It's an awesome library! |
This may be helpful for those who are looking only for JWT Logins using SimpleJWT. |
+1 for the support of simplejwt |
+1 please, this library is extremely useful however the Django token authentication is simply too insecure for my taste. |
Try this one |
+1 for simple_JWT |
+1 |
1 similar comment
+1 |
+1 simple_JWT |
+1 simpleJWT |
2 similar comments
+1 simpleJWT |
+1 simpleJWT |
+1 simpleJWT pls! |
+1 for simpleJWT |
Django-rest-auth was forked to dj-rest-auth. See #568 for some info. Lets hope this one becomes the new go to, it seems promising so far. For all the people requesting simpleJWT, there's a pull request (ready to merge) in the new repo to add simplejwt support. iMerica/dj-rest-auth#3 |
+1 simple JWT |
4 similar comments
+1 simple JWT |
+1 simple JWT |
+1 simple JWT |
+1 simple JWT |
This works for me))
|
+1 simpleJWT |
According to issue #5838 on the DRF repository and a PR raised there, django-rest-framework-simplejwt provides an alternative approach over django-rest-framework-jwt, with regards to security and implementation of JWT as an authentication mechanism. Hence, I'm curious if you guys will be planning to include the simplejwt package as a supported JWT backend? Thanks
The text was updated successfully, but these errors were encountered: