Debug School

rakesh kumar

How to Implement Authentication and Token Refreshing in Django

Customize the behavior of Simple JWT for access tokens and refresh tokens

Here's a full code example that implements authentication and token refreshing in Django using the Django REST Framework and the Simple JWT library:

Install required packages:

```bash
pip install django djangorestframework django-cors-headers djangorestframework-simplejwt
```

Set up Django project:

```bash
django-admin startproject myproject
cd myproject
python manage.py migrate
python manage.py createsuperuser
python manage.py startapp myapp
```

Configure project settings:

myproject/settings.py

```python
from datetime import timedelta  # needed for the token lifetimes below

INSTALLED_APPS = [
    # ...
    'rest_framework',
    'corsheaders',
    'myapp',
]

MIDDLEWARE = [
    # ...
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ],
}

SIMPLE_JWT = {
    'REFRESH_TOKEN_LIFETIME': timedelta(days=7),
}

# Allows any browser origin to call the API; restrict this with CORS_ALLOWED_ORIGINS in production.
CORS_ORIGIN_ALLOW_ALL = True
```

Create serializers:

myapp/serializers.py

```python
from rest_framework import serializers
from django.contrib.auth.models import User


class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ('id', 'username', 'email')
```

Create views:

myapp/views.py

```python
from rest_framework import generics
from django.contrib.auth.models import User
from myapp.serializers import UserSerializer


class UserList(generics.ListAPIView):
    # Requires a valid access token because JWTAuthentication is the default authentication class
    queryset = User.objects.all()
    serializer_class = UserSerializer
```

Configure URLs:

myproject/urls.py

```python
from django.urls import path, include
from myapp.views import UserList
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView

urlpatterns = [
    # ...
    path('api/users/', UserList.as_view()),
    path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
    path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
]
```

Run the server:

```bash
python manage.py runserver
```

Now you can make requests to the following endpoints:

http://localhost:8000/api/users/ (GET request to retrieve the user list)
http://localhost:8000/api/token/ (POST request with username and password to obtain an access and refresh token pair)
http://localhost:8000/api/token/refresh/ (POST request with the refresh token to obtain a new access token)

Make sure to include the necessary headers and data in your requests, such as Content-Type: application/json and the user credentials for the token requests.

This code provides a basic implementation of authentication and token refreshing.

Customize the behavior of Simple JWT for access tokens and refresh tokens

To customize the behavior of Simple JWT for access tokens and refresh tokens in Django, you can override the default settings and classes provided by the library. Here's an example of how you can customize the behavior:

Open your Django project's settings file (settings.py).

Update the SIMPLE_JWT dictionary to customize the settings. You can modify the following settings as per your requirements:

settings.py

```python
from datetime import timedelta

SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=15),  # Set the access token lifetime
    'REFRESH_TOKEN_LIFETIME': timedelta(days=30),  # Set the refresh token lifetime
    'ROTATE_REFRESH_TOKENS': False,  # Set whether to rotate refresh tokens on each refresh or not
    # Only takes effect when ROTATE_REFRESH_TOKENS is True and
    # 'rest_framework_simplejwt.token_blacklist' is in INSTALLED_APPS
    'BLACKLIST_AFTER_ROTATION': True,  # Set whether to blacklist old refresh tokens after rotation or not
    'ALGORITHM': 'HS256',  # Set the token signing algorithm
    'SIGNING_KEY': SECRET_KEY,  # Set the token signing key (SECRET_KEY is defined earlier in this same file)
    'AUTH_HEADER_TYPES': ('Bearer',),  # Set the types of auth headers to look for
    'USER_ID_FIELD': 'id',  # Set the field name used to identify the user
    'USER_ID_CLAIM': 'user_id',  # Set the claim name to store the user ID in the token payload
    # Every class listed here is accepted in the Authorization header, so a refresh
    # token class listed here also lets refresh tokens authenticate API requests
    'AUTH_TOKEN_CLASSES': (
        'rest_framework_simplejwt.tokens.AccessToken',
        'yourapp.tokens.CustomRefreshToken',  # Add your custom refresh token class
    ),
    'TOKEN_TYPE_CLAIM': 'token_type',  # Set the claim name to store the token type
}
```
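As an added illustration of the checks behind the obtain/refresh endpoints above and the TOKEN_TYPE_CLAIM, ALGORITHM and SIGNING_KEY settings just shown (it is not code from the original post or from Simple JWT itself), the following stand-alone script builds HS256 tokens with the claims Simple JWT uses (token_type, exp, iat, jti, user_id) and verifies them in the order the authentication layer must: signature first, then expiry, then the token_type claim, so a 30-day refresh token is never accepted where a 15-minute access token is expected. The signing key and timestamps are constructed sample values.

```python
import base64, hashlib, hmac, json, time, uuid

# Constructed stand-in for Django's SECRET_KEY (Simple JWT's default SIGNING_KEY).
SIGNING_KEY = b"constructed-example-key-not-for-production"

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header_b64, body_b64):
    msg = f"{header_b64}.{body_b64}".encode()
    return _b64url(hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest())

def make_token(user_id, token_type, lifetime_seconds, now=None):
    # Claims mirror what Simple JWT emits: token_type, exp, iat, jti, user_id.
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = {"token_type": token_type, "exp": now + lifetime_seconds, "iat": now,
               "jti": uuid.uuid4().hex, "user_id": user_id}
    body = _b64url(json.dumps(payload).encode())
    return f"{header}.{body}.{_sign(header, body)}"

def verify(token, expected_type="access", now=None):
    # Returns the payload when signature, expiry and token_type check out; raises ValueError otherwise.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, body, sig = parts
    # Recompute the MAC over header.body and compare in constant time before trusting any claim.
    if not hmac.compare_digest(_sign(header, body), sig):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(body))
    now = int(time.time()) if now is None else now
    if payload.get("exp", 0) <= now:  # same boundary rule Simple JWT applies to exp
        raise ValueError("token expired")
    # The token_type claim is what keeps a long-lived refresh token from passing as an access token.
    if payload.get("token_type") != expected_type:
        raise ValueError(f"wrong token_type {payload.get('token_type')!r}")
    return payload

def rejection_reason(token, expected_type="access", now=None):
    # None if the token is accepted, otherwise the reason it was rejected.
    try:
        verify(token, expected_type, now)
        return None
    except ValueError as exc:
        return str(exc)
```

Feeding a refresh token to `verify(token, "access")` returns "wrong token_type 'refresh'", which is the behaviour a correctly configured AUTH_TOKEN_CLASSES (AccessToken only) gives you at the Authorization header.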

Create a custom refresh token class by subclassing rest_framework_simplejwt.tokens.RefreshToken and override any methods or properties you want to customize. For example:

yourapp/tokens.py

```python
from rest_framework_simplejwt.settings import api_settings
from rest_framework_simplejwt.tokens import RefreshToken


class CustomRefreshToken(RefreshToken):
    # Value written into the TOKEN_TYPE_CLAIM ('token_type') of every token this class issues
    token_type = 'custom_refresh_token'

    def set_jti(self):
        # Token.set_jti() assigns a random uuid4 hex to the JTI claim; prefix that value here
        super().set_jti()
        jti = self.payload[api_settings.JTI_CLAIM]
        self.payload[api_settings.JTI_CLAIM] = 'custom-refresh-token-' + jti
```

Note that the stock TokenRefreshView still validates the incoming token as a plain RefreshToken (token_type 'refresh'), so a custom class is only honoured by views and serializers that reference it.

Update the 'yourapp.tokens.CustomRefreshToken' reference in the AUTH_TOKEN_CLASSES setting of SIMPLE_JWT to point to your custom refresh token class.

Save the changes in your settings.py file.

By customizing the settings and providing your own token classes, you can modify the behavior of Simple JWT for access tokens and refresh tokens in Django according to your requirements.
