django-simple-third-party-jwt-dev-dashboard 0.0.1

Dashboard for using JWT with 3rd party login.

Django Simple 3rd Party JWT Dev Dashboard

This is a simple dashboard for showing multi login(JWT, session and 3rd party).

Dashboard is used with Django-Simple-3rd-Party-JWT.

Installation

pip install django-simple-third-party-jwt-dev-dashboard

Check it in Pypi.

Quick Start

• settings.py

Add the followings to your settings of project.

• (MUST) Install app

INSTALLED_APPS += [
    # ---------------------------
    # debug relative package
    "rest_framework", # <------ MUST
    #"drf_yasg", # for swagger, optional
    'bootstrap3', # <------ MUST
    # debug dashboard
    'django_simple_third_party_jwt_dev_dashboard', # <------ MUST
    # 3rd party login
    'django_simple_third_party_jwt' # <------ MUST
    # ---------------------------
]

• (MUST) Dashboard settings

# -------------- START - Dashboard Setting --------------
DEV_DASHBOARD_SETTINGS = {
    'jwt_token_url': 'api/auth/token',
    'jwt_refresh_url': 'api/auth/token/refresh',
    'jwt_verify_url': 'api/auth/token/verify',
    'dashboard_url': 'api/__hidden_dev_dashboard',
    'third_party_jwt_url': 'api/auth/google',
    'admin_url': 'api/__hidden_admin',
    #'swagger_url': 'api/__hidden_swagger', # optional
    #'redoc_url': 'api/__hidden_redoc', # optional
}
# --------------- END - Dashboard Setting -----------------

• (MUST) Policy for Google API

# -------------- START - Policy Setting --------------
SECURE_REFERRER_POLICY = "no-referrer-when-downgrade"
# SECURE_CROSS_ORIGIN_OPENER_POLICY = "same-origin-allow-popups"
SECURE_CROSS_ORIGIN_OPENER_POLICY = None
# -------------- END - Policy Setting -----------------

• (Optional) Configuration for Google Login(default)

# -------------- START - Google Auth Setting --------------
SOCIAL_GOOGLE_CLIENT_ID = "376808175534-d6mefo6b1kqih3grjjose2euree2g3cs.apps.googleusercontent.com" # default
VALID_REGISTER_DOMAINS = ["gmail.com"] # default
# --------------- END - Google Auth Setting -----------------

• urls.py

URL path for dashboard.

# --------------- 3rd party login
# app route
urlpatterns += [
    # google login
    path(settings.DEV_DASHBOARD_SETTINGS['third_party_jwt_url'] + "/", include("django_simple_third_party_jwt.urls")),
]
# ------------------------------

# --------------- Dashboard
urlpatterns += [
    # debug dashboard
    path(settings.DEV_DASHBOARD_SETTINGS['dashboard_url'] + "/", include("django_simple_third_party_jwt_dev_dashboard.urls")),
]
# ------------------------------

# --------------- Admin
urlpatterns += [
    # admin
    path(settings.DEV_DASHBOARD_SETTINGS['admin_url'] + "/", admin.site.urls),
]
# ------------------------------

# --------------- JWT
from rest_framework_simplejwt.views import (
    TokenVerifyView, TokenObtainPairView, TokenRefreshView
)
urlpatterns += [
    path(settings.DEV_DASHBOARD_SETTINGS['jwt_token_url'], TokenObtainPairView.as_view(), name="token_get"),
    path(settings.DEV_DASHBOARD_SETTINGS['jwt_refresh_url'], TokenRefreshView.as_view(), name="token_refresh"),
    path(settings.DEV_DASHBOARD_SETTINGS['jwt_verify_url'], TokenVerifyView.as_view(), name="token_verify"),
]
# ---------------------------------

When you added all settings, just run:

python manage.py runserver 0.0.0.0:8000

And visit http://localhost:8000/api/__hidden_dev_dashboard

More

There are several different settings can be added with this dashboard if you need.

• CORS Setting

ALLOWED_HOSTS = ["*"]
LOGIN_REDIRECT_URL = "/"

# -------------- START - CORS Setting --------------
CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOW_CREDENTIALS = True
CSRF_TRUSTED_ORIGINS = [
    "http://127.0.0.1",
    "http://localhost",
]
# -------------- END - CORS Setting -----------------

• Swagger setting

# -------------- Swagger Setting --------------
SWAGGER_SETTINGS = {
    "SECURITY_DEFINITIONS": {
        "Token(add prefix `Bearer` yourself)": {
            "type": "apiKey",
            "name": "Authorization",
            "in": "header",
        }
    },
    "LOGIN_URL": "/api/__hiddenadmin/login/",
    "LOGOUT_URL": "/api/__hiddenadmin/logout/",
}

# --------------------------------------------

• SimpleJWT setting

# -------------- Start - SimpleJWT Setting --------------
from datetime import timedelta
SIMPLE_JWT = {
    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=3600),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
    "ROTATE_REFRESH_TOKENS": False,
    "BLACKLIST_AFTER_ROTATION": False,
    "UPDATE_LAST_LOGIN": False,
    "ALGORITHM": "HS256",
    "SIGNING_KEY": SECRET_KEY,
    "VERIFYING_KEY": None,
    "AUDIENCE": None,
    "ISSUER": None,
    "JWK_URL": None,
    "LEEWAY": 0,
    "AUTH_HEADER_TYPES": ("Bearer",),
    "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
    "USER_ID_FIELD": "id",
    "USER_ID_CLAIM": "user_id",
    "USER_AUTHENTICATION_RULE": "rest_framework_simplejwt.authentication.default_user_authentication_rule",
    "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
    "TOKEN_TYPE_CLAIM": "token_type",
    "TOKEN_USER_CLASS": "rest_framework_simplejwt.models.TokenUser",
    "JTI_CLAIM": "jti",
    "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
    "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
    "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),
}
# -------------- END - SimpleJWT Setting --------------