/django-ninja-jwt

A JSON Web Token authentication plugin for the Django REST Framework.

Primary LanguagePythonMIT LicenseMIT

Ninja JWT

Test PyPI version PyPI version PyPI version PyPI version Codecov Downloads

Abstract

Ninja JWT is JSON Web Token plugin for Django-Ninja. The library is a fork of Simple JWT by Jazzband, a popular JWT plugin for Django REST Framework.

Notice

This library does not fix any issues from the source SIMPLE JWT. It only added support for Django-Ninja and removes DRF dependencies. And time after time, subsequent updates from SIMPLE JWT will reflect here.

For full documentation, visit.

Requirements

  • Python >= 3.6
  • Django >= 2.1
  • Django-Ninja >= 0.16.1
  • Django-Ninja-Extra >= 0.14.2

Example

Checkout this sample project: https://github.com/eadwinCode/bookstoreapi

Installation

Ninja JWT can be installed with pip:

pip install django-ninja-jwt

Also, you need to register NinjaJWTDefaultController controller to your Django-Ninja api.

from ninja_jwt.controller import NinjaJWTDefaultController
from ninja_extra import NinjaExtraAPI

api = NinjaExtraAPI()
api.register_controllers(NinjaJWTDefaultController)

The NinjaJWTDefaultController comes with three routes obtain_token, refresh_token and verify_token. It is a combination of two subclasses TokenVerificationController and TokenObtainPairController. If you wish to customize these routes, you can inherit from these controllers and change its implementation

from ninja_extra import api_controller
from ninja_jwt.controller import TokenObtainPairController

@api_controller('token', tags=['Auth'])
class MyCustomController(TokenObtainPairController):
    """obtain_token and refresh_token only"
...
api.register_controllers(MyCustomController)

If you wish to use localizations/translations, simply add ninja_jwt to INSTALLED_APPS.

INSTALLED_APPS = [
    ...
    'ninja_jwt',
    ...
]

Using Ninja Router

Also, if you are not interested in following NinjaExtra methodology, check out this doc on how to use Ninja-JWT with Django-Ninja here

Usage

To verify that Ninja JWT is working, you can use curl to issue a couple of test requests:

curl \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"username": "davidattenborough", "password": "boatymcboatface"}' \
  http://localhost:8000/api/token/pair

...
{
  "access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNDU2LCJqdGkiOiJmZDJmOWQ1ZTFhN2M0MmU4OTQ5MzVlMzYyYmNhOGJjYSJ9.NHlztMGER7UADHZJlxNG0WSi22a2KaYSfd1S-AuT7lU",
  "refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4"
}

You can use the returned access token to prove authentication for a protected view:

curl \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNDU2LCJqdGkiOiJmZDJmOWQ1ZTFhN2M0MmU4OTQ5MzVlMzYyYmNhOGJjYSJ9.NHlztMGER7UADHZJlxNG0WSi22a2KaYSfd1S-AuT7lU" \
  http://localhost:8000/api/some-protected-view/

When this short-lived access token expires, you can use the longer-lived refresh token to obtain another access token:

curl \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4"}' \
  http://localhost:8000/api/token/refresh/

...
{"access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNTY3LCJqdGkiOiJjNzE4ZTVkNjgzZWQ0NTQyYTU0NWJkM2VmMGI0ZGQ0ZSJ9.ekxRxgb9OKmHkfy-zs1Ro_xs1eMLXiR17dIDBVxeT-w"}