This article is not a tutorial or a guide, it is more like a request for code review and validate the implementation from more experienced Django ...
Hey Ahmed, I really appreciated this awesome and thorough article! I have one question, which is around the refresh_token_view. You are importing "safe_jwt", I assume that this is subapp within projects. I'm interested to know what the model in here is responsible for? And also, what the function of the app is?
Thanks for the kind words.
safe_jwt was just a fancy name for accounts app when I was testing on my own, I just forgot to clean up, and the model UserTokenVersion is a method I was trying to revoke the token but I wasn't sure about it so I just mentioned it at the end and forgot to clean from my code ... my apologies for this
Thanks for this article especially the CSRF description!
It's a great article. I really appreciate it!
Can you tell how to pass the csrftoken to the request headers using X-CSRFTOKEN key? I can access it by setting the X-CSRFTOKEN key in the Postman but I would like to know how to achieve the same through the code.
Thank you!
Hey Ahmed, appreciate the hard work
I'm wondering what to do with the refresh token, how the frontend (I'm using React) utilizes it. I mean, if I set up a (remember me) option on login, what would be my next step? I can't read an httponly cookie from the frontend, so what to do?
thanx
In the generate_refresh_token method, what is the meaning of token_version? Please tell me what data to pass.
Do you know the answer yet?
This is an unused parameter, you can ignore it.
I was testing something to expire the token but forgot to remove it.
Initially, while requesting, we are not passing the access token to the login API from the client side, so this line authorization_heaader = request.headers.get('Authorization') in authentication.py will fail. It returns just 'Bearer' with no token with it,
and it returns 'Token prefix missing' with a 403 error.
Really helpful, thank you so much. Exactly what i need for now <3
Thank you very much for this post. My api for mobile was not as secure as it should have been. Keep up the good work and good luck to you
Great article, keep up 👍
Thanks
Tnx a lot :X
a great step by step tutorial with excellent detail :x
tnx again.
Hi!)
Quote: "which is a short life jwt (maybe 5 mins) and send it in the response body"
Can we generate a token without an expiration date? Assume, if I'd refresh my token when I want to do it.
that really helped me... Thanks🔥
Thank you, you saved me.
'Settings' object has no attribute 'REFRESH_TOKEN_SECRET'
Am getting the following error once I try to login what would I be doing the wrong way
you have to set it yourself in settings.py file
By the way, Great article, keep up
great article!!
Thanks
permission_classes = (IsAuthenticated,) is not working
{
"detail": "You do not have permission to perform this action."
}
please help any one
post works with me from postman
but does not work from axios
and i add X-CSRFTOKEN in header in postman & axios
but not work in axios
thank you ahmed
good work
but I need to ask two questions
1- custom JWT authentication with custom user table
how use refresh token
2-how do custom PERMISSION
I have a question to ask.
If I put JWT in cookie from server to client, and the client takes JWT from cookie to headers for every request, do I need CSRF token additionally?
the client can't read the httponly cookie, only the server can read it
Hello @ahmed Atala am getting this error can you help out 'Settings' object has no attribute 'REFRESH_TOKEN_SECRET'
you have to set it yourself in settings.p file
pythondecoders.com/2021/01/jwt-jso...
Hello, I am getting this error when authenticating: DecodeError Not enough segments. Can you please help?
I hope you solved your problem. If you wouldn't mind posting some code, it'd be a little easier to debug.