JSON Web Token based authentication for Django REST framework
Project description
Overview
This package provides JSON Web Token Authentication support for Django REST framework.
If you want to read more about JWT, here’s a great blog post by the guys at Auth0 that talks about Cookie vs Token based authentication.
Installation
Install using pip…
$ pip install djangorestframework-jwt
Usage
In your settings.py, add JSONWebTokenAuthentication to Django REST framework’s DEFAULT_AUTHENTICATION_CLASSES.
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}In your urls.py add the following URL route to enable obtaining a token via a POST included the user’s username and password.
urlpatterns = patterns(
'',
# ...
url(r'^api-token-auth/', 'rest_framework_jwt.views.obtain_jwt_token'),
)You can easily test if the endpoint is working by doing the following in your terminal, if you had a user created with the username admin and password abc123.
$ curl -X POST -d "username=admin&password=abc123" http://localhost:8000/api-token-auth/Alternatively, you can use all the content types supported by the Django REST framework to obtain the auth token. For example:
$ curl -X POST -H "Content-Type: application/json" -d '{"username":"admin","password":"abc123"}' http://localhost:8000/api-token-auth/Now in order to access protected api urls you must include the Authorization: JWT <your_token> header.
$ curl -H "Authorization: JWT <your_token>" http://localhost:8000/protected-url/Refresh Token
If JWT_ALLOW_REFRESH is True, issued tokens can be “refreshed” to obtain a new brand token with renewed expiration time. Add a URL pattern like this:
url(r'^api-token-refresh/', 'rest_framework_jwt.views.refresh_jwt_token'),Pass in an existing token to the refresh endpoint as follows: {"token": EXISTING_TOKEN}. Note that only non-expired tokens will work. The JSON response looks the same as the normal obtain token endpoint {"token": NEW_TOKEN}.
$ curl -X POST -H "Content-Type: application/json" -d '{"token":"<EXISTING_TOKEN>"}' http://localhost:8000/api-token-refresh/Refresh with tokens can be repeated (token1 ->
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file djangorestframework-jwt-1.0.2.tar.gz.
File metadata
- Download URL: djangorestframework-jwt-1.0.2.tar.gz
- Upload date:
- Size: 12.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
741c3548ea9bbdcabcc26500d7e20c0f693914038f0c541121a5eee602bd46e0
|
|
| MD5 |
7629667115b182c3ff2dd771efb3a8ea
|
|
| BLAKE2b-256 |
07f94f1d1df596bc2e9233c8af5e82f4911591d2f0d03a2c92308975520ae666
|
File details
Details for the file djangorestframework_jwt-1.0.2-py2.py3-none-any.whl.
File metadata
- Download URL: djangorestframework_jwt-1.0.2-py2.py3-none-any.whl
- Upload date:
- Size: 16.2 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
65aa442d6ccb248dfa1d420b6892900c3baed8ca4d163beaa092a5720a811094
|
|
| MD5 |
a8e2cf8255bbc22bdd9736e88fee4da1
|
|
| BLAKE2b-256 |
8acfd6908a0ac13145f666ab2dc009f4e508fe1bf751b68950b6039b6aa71a07
|
