
Django + JSON web tokens + disabling session-based authorization

I am currently working on a Django project that wants to replace and disable Django's traditional cookie-based sessions and replace them with JSON web tokens as a means of user authentication for a user on my website. (User authentication for the 'login-required' part of the website instead of just REST APIs.)

How I want JSON web tokens to be used in my web app: The login page will make an API call and receive a JSON web token as a response and the JSON web token will be stored through (local storage, session storage, or cookies). The JSON web token will be passed in the HTTP header in subsequent HTTP requests (after logging in) so that the server knows we are an authorized user.

One of the libraries that I have looked at is the 'djangorestframework' library. It seems to protect certain URLs concerning a site's API (not what I want). Are there any libraries that can replace the normal 'cookie-based' sessions Django uses with JSON web tokens and have the normal functionality of the 'cookie-based' session authorization scheme? (Normal meaning 'logging a user in and logging a user out works on the site as well as in Django's default admin panel'.) If so, how do I integrate that library with my current web app to achieve normal functionality?

I also want the traditional 'cookie-based' sessions to be disabled. How do I completely disable it so user authentication is done only with JSON web tokens?

BudaeJjigae asked Jun 20 '16 21:06


1 Answer

Simply use JWT as the authentication class.

JSON Web Token Authentication

JSON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. Blimp maintains the djangorestframework-jwt package which provides a JWT Authentication class as well as a mechanism for clients to obtain a JWT given the username and password.

Also set the default authentication class to JWT and define the setting in settings.py like:

REST_FRAMEWORK = {
    # JWT authentication class from the djangorestframework-jwt package
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
}

Hamed Rostami answered Oct 02 '22 11:10
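
What "doesn't need to use a database to validate a token" looks like in practice, as an added example that is not part of the answer above and not code from djangorestframework-jwt: a standard-library HS256 issue/verify pair that pins the algorithm and enforces expiry. The function names, the secret and the claims are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: a real app would load a secret from settings


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str, key: bytes) -> bytes:
    return _b64e(hmac.new(key, signing_input.encode(), hashlib.sha256).digest()).encode()


def issue(claims: dict, key: bytes = SECRET, header: dict = None) -> str:
    header = header or {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64e(json.dumps(header).encode()) + "." + _b64e(json.dumps(claims).encode())
    return signing_input + "." + _sign(signing_input, key).decode()


def verify(token: str, key: bytes = SECRET, now: float = None) -> dict:
    """Return the claims if the token is valid, otherwise raise ValueError."""
    try:
        head_b64, body_b64, sig = token.split(".")
        header, claims = json.loads(_b64d(head_b64)), json.loads(_b64d(body_b64))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # Pin the algorithm server-side; the token's own header must not choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the presented and recomputed signatures.
    if not hmac.compare_digest(sig.encode(), _sign(head_b64 + "." + body_b64, key)):
        raise ValueError("bad signature")
    # No server-side lookup happens, so "exp" is the only built-in cut-off.
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or current >= exp:
        raise ValueError("expired or missing exp")
    return claims
```

Because nothing is looked up server-side, a logout that only deletes the token in the browser leaves any copy of that token valid until `exp`; short lifetimes or a server-side denylist are the usual ways to close that gap.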