Redirect after login using JWT authentication - django

I'm using this library django-rest-framework-simplejwt and want to
I want to be able to redirect to the endpoint after successfully obtaining a token.
I have a standard implementation of getting a token taken from the documentation
    from django.urls import path
    from rest_framework_simplejwt import views as jwt_views

    urlpatterns = [
        path('api/token/', jwt_views.TokenObtainPairView.as_view(), name='token_obtain_pair'),
        path('api/token/refresh/', jwt_views.TokenRefreshView.as_view(), name='token_refresh'),
    ]
Is there any way to change the operation of the TokenObtainPairView function to redirect to the endpoint?

Related

How to use both simple jwt token authentication and BasicAuthentication?

I have a DRF API and I have implemented the simplejwt authentication system. It works well. It is useful when I want to connect to my API from an external script (I don't need to store credentials and just use the token).
However, I also want to be able to use the DRF interface login when I reach my API from a browser, so I have also implemented Basic and SessionAuthentication. Is it the good way to do that?
in my settings.py
    from datetime import timedelta

    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': [
            'rest_framework_simplejwt.authentication.JWTAuthentication',
            'rest_framework.authentication.BasicAuthentication',
            'rest_framework.authentication.SessionAuthentication',
        ]
    }
    SIMPLE_JWT = {
        'ACCESS_TOKEN_LIFETIME': timedelta(days=1),
    }
in my api views.py
    from rest_framework.permissions import IsAuthenticated
    from rest_framework.authentication import SessionAuthentication, BasicAuthentication
    from rest_framework.decorators import api_view, permission_classes, authentication_classes
    from rest_framework.response import Response
    # Mesure and MesureSerializer are the project's own model and serializer

    # Create your views here.
    @api_view(['GET'])
    # @authentication_classes([SessionAuthentication, BasicAuthentication])
    @permission_classes([IsAuthenticated])
    def get_all(request):
        # as a token is used, the user with this token is known in the request
        user = request.user
        # show only the measurements of the user whose token was provided
        mesures = Mesure.objects.filter(user_id=user.id)
        serializer = MesureSerializer(mesures, many=True)
        return Response(serializer.data)
In my urls.py
    from django.urls import include, path
    from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
    from . import views

    urlpatterns = [
        path('mesures/', views.get_all),
        path('mesure-add/', views.add_mesure),
        path('token/', TokenObtainPairView.as_view(), name='obtain_tokens'),
        path('token/refresh/', TokenRefreshView.as_view(), name='refresh_token'),
        path('api-auth/', include('rest_framework.urls'))
    ]
As you can see I had to comment out the @authentication_classes decorator to make it work both with token and login. Do you believe this is a good way to proceed?
You should be fine with this because as per the DRF documentation -
Because we now have a set of permissions on the API, we need to authenticate our requests to it if we want to edit any snippets. We haven't set up any authentication classes, so the defaults are currently applied, which are SessionAuthentication and BasicAuthentication.
Source: Authenticating with the API
Ref: Line 109: rest_framework/views.py and Line 40: rest_framework/settings.py

How to use Postman to authenticate Google Login with dj_rest_auth

So I am following the official documentation for Google sign in with DjangoRestFramework using DJ Rest Auth (this link)
I intend to authenticate with Postman Oauth2 (by following the guide and generating an Access Token)
Postman is generating an access token successfully, but I cannot seem to use this authentication in my API calls. Please who knows which step I am missing - I want to handle everything in Postman.
urls.py
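    from django.contrib import admin
    from django.urls import include, path
    # Home, api_urls and GoogleLogin are the project's own objects

    urlpatterns = [
        path('', Home.as_view(), name='home'),
        path('admin/', admin.site.urls),
        path('accounts/', include(api_urls, namespace='api')),
        path('accounts/login/', GoogleLogin.as_view(), name='google_login'),
        path('accounts/', include('rest_framework.urls')),
    ]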
views.py
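    from allauth.socialaccount.providers.google.views import GoogleOAuth2Adapter
    from allauth.socialaccount.providers.oauth2.client import OAuth2Client
    from dj_rest_auth.registration.views import SocialLoginView

    class GoogleLogin(SocialLoginView):
        adapter_class = GoogleOAuth2Adapter
        callback_url = 'http://localhost:8080/accounts/google/login/callback/'
        client_class = OAuth2Client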
On calling an API endpoint, I get an invalid token error:
If I however visit the Google Login view in my RestFramework UI (in my case http://localhost:8080/accounts/login), I get an endpoint to make a POST, and on making a POST request, a key is generated. Only this key (if used as a Bearer token) works in my API calls.
How can I authenticate on Google, and make my API calls independent of the DRF UI?
Callback URL has been configured on my Google Developer Client.
PS: I feel the answer is in step 6 of the documentation, but I am unable to figure out how to do this in Postman
POST code or token to specified URL(/dj-rest-auth/google/)
What I did here is from postman go to headers then put Authorization = Token youraccesskey
which in your case Authorization = Token ef057......
Hope it helps

Simple JWT Method Not Allowed on Django App deployed on Gcloud App Engine

I am fairly new to Django and gcloud and I am currently stuck on this issue where I am trying to deploy my Django app on Gcloud App Engine. When accessing the API for getting a token I got this error.
Error when accessing API from App Engine
    from django.contrib import admin
    from django.urls import include, path
    from rest_framework_simplejwt import views as jwt_views
    from django.conf import settings
    from django.conf.urls.static import static

    urlpatterns = [
        path('quitnow/', include('quitnow.urls')),
        path("admin/", admin.site.urls),
        path('api/token/', jwt_views.TokenObtainPairView.as_view(), name='token_obtain_pair'),
        path('api/token/refresh/', jwt_views.TokenRefreshView.as_view(), name='token_refresh'),
    ]
This is my urls.py. When I try to post my information to get a token, the POST request doesn't return a response and hangs. I have been stuck on this for days. Would really appreciate any help!

How to use DRF JWT refresh

I can generate a token. However, after the Web accesses me with the first token, I cannot give a new token
I set it in setting
    'JWT_ALLOW_REFRESH': True,
But I don't know how to get a new one
Please let me know if you need anything else
I thought that after this setting is completed, the token will be changed automatically Medium expiration time. Looks like I'm wrong
Based on this post, you have to do the following:
1. request the token:
    http post http://127.0.0.1:8000/api/token/ username=vitor password=123
   this returns an access token and a refresh token
2. use the access token to access the site
3. if the access token expires (site returns 403), use the refresh token to get a new valid access token:
    http post http://127.0.0.1:8000/api/token/refresh/ refresh=REFRESHTOKEN
Note that the refresh token can also expire, then you would have to restart the flow.
EDIT: code snippets
install library
    pip install djangorestframework_simplejwt
docs of the library
settings.py
    REST_FRAMEWORK = {
        # ...
        'DEFAULT_AUTHENTICATION_CLASSES': (
            # ...
            'rest_framework_simplejwt.authentication.JWTAuthentication',
        ),
        # ...
    }
urls.py
    from django.urls import path
    from rest_framework_simplejwt import views as jwt_views

    urlpatterns = [
        # Your URLs...
        path('api/token/', jwt_views.TokenObtainPairView.as_view(), name='token_obtain_pair'),
        path('api/token/refresh/', jwt_views.TokenRefreshView.as_view(), name='token_refresh'),
    ]
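The flow described in the answer above (obtain a pair, use the access token, exchange the refresh token once the access token has expired), as an added standard-library example of what the two endpoints have to check. It is not code from the post or from djangorestframework-simplejwt; the signing key, the lifetimes and the claim names (`sub`, `token_type`, `exp`) are assumptions.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed for this example only
ACCESS_LIFETIME, REFRESH_LIFETIME = 300, 86400  # seconds; assumed values

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(user, token_type, lifetime, now):
    """Mint an HS256 JWT carrying the user, the token type and an expiry."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "token_type": token_type, "exp": int(now) + lifetime}
    signing_input = f"{header}.{b64e(json.dumps(claims).encode())}"
    return f"{signing_input}.{b64e(sign(signing_input))}"

def verify(token, expected_type, now):
    """Return the claims, or raise ValueError for any token that must be rejected."""
    header, body, sig = token.split(".")  # a malformed token raises ValueError here
    if not hmac.compare_digest(sign(f"{header}.{body}"), b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims["token_type"] != expected_type:  # a refresh token is not an access token
        raise ValueError("wrong token type")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def obtain_pair(user, now):
    """What the token endpoint hands out after checking the credentials."""
    return {"access": issue(user, "access", ACCESS_LIFETIME, now),
            "refresh": issue(user, "refresh", REFRESH_LIFETIME, now)}

def refresh_access(refresh_token, now):
    """What the refresh endpoint does: accept only a valid, unexpired refresh token."""
    claims = verify(refresh_token, "refresh", now)
    return {"access": issue(claims["sub"], "access", ACCESS_LIFETIME, now)}

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value
    pair = obtain_pair("vitor", t0)
    later = t0 + ACCESS_LIFETIME + 1  # the access token has expired by now
    print(refresh_access(pair["refresh"], later))
```

Passing the clock in as `now` keeps the expiry behaviour reproducible; a server would use the current time instead.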

Django Rest Swagger -> No Authentication + multiple apps

We are looking to use django swagger for generating REST API docs. Our app consists of many sub apps and all views use JWT authentication. Document seems very lacking and just mentions the adding of url. This shows me error 400 : ["The schema generator did not return a schema Document"] http://10.0.0.61:8001/API/?format=openapi
    from django.conf.urls import include, url
    from django.contrib import admin
    from rest_framework_swagger.views import get_swagger_view
    # BackendVersion is the project's own view

    schema_view = get_swagger_view(title="HashCove REST API")
    urlpatterns = [
        url(r'^admin/', admin.site.urls),
        url(r'info/', BackendVersion.as_view()),
        url(r'^transaction/', include('kyc_rest_services.kyc_connect_transaction_manager.urls')),
        url(r'^drive/', include('kyc_rest_services.carbon_drive.urls')),
        url(r'^channels/', include('kyc_rest_services.channels.urls')),
        url(r'^accounts/', include('kyc_rest_services.kyc_connect_accounts.urls')),
        url(r'^API/', schema_view, name="docs")
    ]
Can it show all the APIs in the other apps and no authentication required?