DRF: how to integrate django-rest-framework-jwt to Djoser

前端 未结 1 947
名媛妹妹
名媛妹妹 2020-12-29 14:27

I am planning to build an application with Django Rest Framework. I\'m more interested in using Django-Rest-Framework-JWT authentication mechanism than

相关标签:
1条回答
  • 2020-12-29 14:32

    I know this question is almost a year old, but I just figured out how to get Djoser and django-rest-knox to play along and sure enough the same technique worked with djangorestframework-jwt as well. The trick is knowing that you can use Djoser's account endpoints without using its auth-related endpoints. You just have to put each library on its own endpoint.

    Here's how I set up Django Rest Framework to use JWTs to log in and authenticate against Djoser endpoints (I'm going to take it from start to finish):

    First, install djangorestframework-jwt and djoser:

    pip install djangorestframework-jwt djoser
    

    Specify that you want to use JWTs to authenticate by adding JSONWebTokenAuthentication to DEFAULT_AUTHENTICATION_CLASSES in your Django project's settings.py:

    REST_FRAMEWORK = {
        'DEFAULT_PERMISSION_CLASSES': (
            'rest_framework.permissions.IsAuthenticated',
        ),
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        ),
    }
    

    Next, Add djoser.urls and rest_framework_jwt's obtain_jwt_token view to your urls:

    from django.conf.urls import url, include
    from rest_framework_jwt import views as jwt_views
    
    urlpatterns = [
        url(r'^account/', include('djoser.urls')),
        url(r'^auth/login/', jwt_views.obtain_jwt_token, name='auth'),
    ]
    

    That should be everything you need to get started. Just to be safe, run a migrate (I spun up a brand-new instance of Django Rest Framework for this post and hadn't yet run the initial commits before this point):

    python manage.py migrate
    

    To test things out, create a new user if you don't already have one:

    python manage.py createsuperuser
    

    Once you have a user account, runserver and then try logging in to get your JWT:

    http POST http://localhost:800/auth/login/ username=admin password=password

    You should get back a token:

    {
        "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NTg2ODI3MzYsInVzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6IiIsInVzZXJfaWQiOjJ9.JDoVCpfiE0uGhsv9OQfPgPc-wxjjQtcEjwAI6bTLWRM"
    }
    

    You can then use this token to authenticate against Djoser's /me/ endpoint to get your profile information. Just include your token within your request's header as Authorization: JWT:

    http http://localhost:8000/account/me/ "Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NTg2ODI3MzYsInVzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6IiIsInVzZXJfaWQiOjJ9.JDoVCpfiE0uGhsv9OQfPgPc-wxjjQtcEjwAI6bTLWRM"

    Here's what I got back:

    {
        "email": "",
        "id": 2,
        "username": "admin"
    }
    

    As you can see, it's pretty easy to start using JWTs for authentication. My guess is that libraries like djoser and django-rest-auth focus on Basic, Session, or Token authentication because they're included out of the DRF box and thus are probably the most common method by which people authenticate calls against their server.

    The beauty of all this is that it's easy to implement a more secure authentication scheme because Djoser isn't tightly coupled to its own authentication classes - it'll happily respect whatever you set for DEFAULT_AUTHENTICATION_CLASSES.

    0 讨论(0)
提交回复
热议问题