JSON Web Tokens with a Knox-powered database backend
DRF JWT + Knox
This package aims to take the better parts of both worlds, including:
- Expirable tokens: The tokens may be manually expired in the database, so a user can log out of all other logged-in places, or everywhere.
- Different tokens per login attempt (per user-agent), meaning that a user’s session is tied to the specific machine and logging can be segregated per usage.
- JWT-based tokens, so the token can have an embedded expiration time, and further metadata for other applications.
- Tokens are generated via OpenSSL so that they are cryptographically more secure.
- Only the tokens’ hashes are stored in the database, so that even if the database gets dumped, an attacker cannot impersonate people through existing credentials
- Other applications sharing the JWT private key can also decrypt the JWT
Add this application and knox to INSTALLED_APPS in your settings.py.
Then, add this app’s routes to some of your urlpatterns.
You can use the verify endpoint to verify whether a token is valid or not (which may be useful in a microservice architecture).
Tests are automated with tox and run on Travis-CI automatically. You can check the status in Travis, or just run tox from the command line.
This project uses the GitHub Flow approach for contributing, meaning that we would really appreciate it if you would send patches as Pull Requests in GitHub. If for any reason you prefer to send patches by email, they are also welcome and will end up being integrated here.
This code is released under the Apache Software License Version 2.0.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash SHA256 hash help||File type||Python version||Upload date|
|drf_jwt_knox-0.1.0-py2.py3-none-any.whl (10.3 kB) Copy SHA256 hash SHA256||Wheel||py2.py3||Oct 11, 2016|
|drf-jwt-knox-0.1.0.tar.gz (10.8 kB) Copy SHA256 hash SHA256||Source||None||Oct 11, 2016|