Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Django + JSON web tokens + disabling session-based authorization

Tags:

django

session-cookies

django-authentication

django-rest-framework

json-web-token

I am currently working on a Django project that wants to replace and disable Django's traditional cookie-based sessions and replace it with JSON web tokens as a means of user authentication for a user on my website.(User Authentication for the 'login-required' part of the website instead of just REST API's).

How I want JSON web tokens to be used in my web app: The login page will make an API call and receive a JSON web token as a response and the JSON web token will be stored through (local storage, session storage, or cookies). The JSON web token will be passed in the HTTP header in subsequent HTTP requests (after logging in) so that the server knows we are an authorized user.

Some of the libraries that I have looked at is the 'djangorestframework' library. It seems to protect certain URLS concerning a site's API (not what I want). Are there any libraries that can replace the normal 'cookie-based' sessions Django uses with JSON web tokens and have the normal functionality of 'cookie-based' session authorization scheme(Normal meaning 'logging a user in and logging a user out works on the site as well as in the Django's default admin panel') If so, how do I integrate that library with my current web app to achieve normal functionality?

I also want the traditional 'cookie-based' sessions to be disabled. How do I completely disable it so user authentication is done only with JSON web tokens?

like image 779
BudaeJjigae Avatar asked Jun 20 '16 21:06

BudaeJjigae

1 Answers

Simply use jwt to authentication class.

JSON Web Token Authentication

JSON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. Blimp maintains the djangorestframework-jwt package which provides a JWT Authentication class as well as a mechanism for clients to obtain a JWT given the username and password

Also set default authentication class to jwt and determine setting in setting.py like :

REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
    'oauth2_provider.ext.rest_framework.OAuth2Authentication',
)

}

like image 84
Hamed Rostami Avatar answered Oct 02 '22 11:10

Hamed Rostami
Sign in to Comment

Related questions

How to enable logging of django rest api CRUD operations in django_admin_log?
Celery + RabbitMQ + "A socket error ocurred"
Django REST Framework: How to add prefix in URL for versioning
Django exceeds maximum Postgres connections
Why is this Django (1.6) annotate count so slow?
Django - Datamigration for external app
Change the order in which Django migrate app during testing
How to set primary key, then convert to autofield?
triggering different app environments with pyenv-virtualenv
django rest framework 3 ImageField send ajax result “No file was submitted.”
Django + Gunicorn + nginx yields very poor performance. Can't get even 8 qps
Django Foreign Key to_field
Get Python type of Django's model field?
In Django, how can I inherit a model that's not abstract as if it were abstract, so that I get a single table in the DB?
How to invalidate cache_page in Django?
Showing server errors in test output during Django StaticLiveServerTestCase?
What is the best design pattern for batch insertion using the Django REST Framework?
Why Django's related_model property is returning string instead of Model instance?
simply trying to use the form I've used in the one template to another
Why is django_migrations table in all databases

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!