Implementation of JWT authentication functionality in Django REST Framework using djoser
What is djoser
djoser is a library that supports basic user authentication and registration on the Django REST Framework. It can also be used for custom models, and is designed for an architecture that fits better with a Single Page Application (SPA) rather than reusing Django's code.
Simpler authentication settings are explained at here.
This time I will write about the implementation of the authentication function using JWT (JSON Web Token) with djoser.
The source code is here
In addition, all of the following can be used as endpoints after installation.
/users/ /users/me/ /users/confirm/ /users/resend_activation/ /users/set_password/ /users/reset_password/ /users/reset_password_confirm/ /users/set_username/ /users/reset_username/ /users/reset_username_confirm/ /token/login/ (Token Based Authentication) /token/logout/ (Token Based Authentication) /jwt/create/ (JSON Web Token Authentication) /jwt/refresh/ (JSON Web Token Authentication) /jwt/verify/ (JSON Web Token Authentication) Getting started
How to use
First of all, from the installation.
$ pip install -U djoser
Since JWT authentication is used, you need to use simple_jwt as well.
$ pip install -U djangorestframework_simplejwt
First, make a project,
$ django-admin startproject djoser_authentication
Go within the project.
$ cd djoser_authentication
We'll set up Django.
setings.py
from datetime import timedelta # add
.........
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework', # add
'djoser' # add
]
# add
SIMPLE_JWT = {
#Set token to JWT
'AUTH_HEADER_TYPES':('JWT'),
#Token duration setting
'ACCESS_TOKEN_LIFETIME': timedelta(minutes=60)
}
# add
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
),
}
urls.py
from django.contrib import admin
from django.urls import path,include #add
urlpatterns = [
path('admin/', admin.site.urls),
path('api/auth/',include('djoser.urls')), #add
path('api/auth/',include('djoser.urls.jwt')), #add
]
Only this.
After this, migrate, create an Admin user and launch it locally.
$ python manage.py migrations
$ python manage.py createsuperuser
Username: Admin
Email address: [email protected]
Password:***********
$ python manage.py runserver
And in the browser http://localhost:8000/api/auth/ When you access ...
It's the usual Django REST Framework screen.
Last time, when I accessed Users after this, a list of user information was returned, but what about this time?
"detail": "Authentication credentials were not provided.
Is displayed. I can't show this because I'm not qualified for certification! !! about it.
So how do you get user information? To do this, you need to get a token for authentication.
So to get the token http://localhost:8000/api/auth/jwt/create To access.
Then, the above screen will appear, so enter the Username and password you registered earlier.
Then
The tokens divided into the refrash and access fields as shown above are displayed.
Let's use this to get user information on the terminal. Execute the following command in the terminal.
curl -LX GET http://127.0.0.1:8000/api/auth/users/me/ -H 'Authorization: JWT xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
(Enter the token in xxxx)
Then
{"email":"[email protected]","id":1,"username":"Admin"}
The user information you registered earlier has been returned!
There are many other features in djoser, so please try them out!
Recommended Posts