I am planning to build an application with Django Rest Framework. I'm more interested in using Django-Rest-Framework-JWT authentication mechanism than Session or Token authentication mechanism.
But all the other packages like Django-Rest-Auth and Djoser (which helps in registrations process) uses Session and Token Authentication system.
How do I override the Token authentication mechanism in Djoser or Django-Rest-Auth with Django-Rest-Framework-JWT?
Djoser is a simple authentication library for Django. It is used to generate tokens for authentication; this generated token is generated by taking three fields: username, email and password. It only works on POST request, but you can add its frontend.
JSON Web Token Authentication Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. A package for JWT authentication is djangorestframework-simplejwt which provides some features as well as a pluggable token blacklist app.
I know this question is almost a year old, but I just figured out how to get Djoser and django-rest-knox to play along and sure enough the same technique worked with djangorestframework-jwt as well. The trick is knowing that you can use Djoser's account endpoints without using its auth-related endpoints. You just have to put each library on its own endpoint.
Here's how I set up Django Rest Framework to use JWTs to log in and authenticate against Djoser endpoints (I'm going to take it from start to finish):
First, install djangorestframework-jwt and djoser:
pip install djangorestframework-jwt djoser
Specify that you want to use JWTs to authenticate by adding JSONWebTokenAuthentication
to DEFAULT_AUTHENTICATION_CLASSES
in your Django project's settings.py
:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
Next, Add djoser.urls
and rest_framework_jwt's obtain_jwt_token
view to your urls:
from django.conf.urls import url, include
from rest_framework_jwt import views as jwt_views
urlpatterns = [
url(r'^account/', include('djoser.urls')),
url(r'^auth/login/', jwt_views.obtain_jwt_token, name='auth'),
]
That should be everything you need to get started. Just to be safe, run a migrate
(I spun up a brand-new instance of Django Rest Framework for this post and hadn't yet run the initial commits before this point):
python manage.py migrate
To test things out, create a new user if you don't already have one:
python manage.py createsuperuser
Once you have a user account, runserver
and then try logging in to get your JWT:
http POST http://localhost:800/auth/login/ username=admin password=password
You should get back a token:
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NTg2ODI3MzYsInVzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6IiIsInVzZXJfaWQiOjJ9.JDoVCpfiE0uGhsv9OQfPgPc-wxjjQtcEjwAI6bTLWRM"
}
You can then use this token to authenticate against Djoser's /me/ endpoint to get your profile information. Just include your token within your request's header as Authorization: JWT:
http http://localhost:8000/account/me/ "Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NTg2ODI3MzYsInVzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6IiIsInVzZXJfaWQiOjJ9.JDoVCpfiE0uGhsv9OQfPgPc-wxjjQtcEjwAI6bTLWRM"
Here's what I got back:
{
"email": "",
"id": 2,
"username": "admin"
}
As you can see, it's pretty easy to start using JWTs for authentication. My guess is that libraries like djoser and django-rest-auth focus on Basic, Session, or Token authentication because they're included out of the DRF box and thus are probably the most common method by which people authenticate calls against their server.
The beauty of all this is that it's easy to implement a more secure authentication scheme because Djoser isn't tightly coupled to its own authentication classes - it'll happily respect whatever you set for DEFAULT_AUTHENTICATION_CLASSES
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With