Access user id and add to session with Ember about django-rest-framework-jwt HOT 6 CLOSED

So there are a couple of ways to do it. You can obviously implement your own view and serializer which return the token and any other data. For example I have one where I return the serialized user as well as the token.

{
    "id": 1,
    "username": "jpadilla",
    "first_name": "Jose",
    "last_name": "Padilla",
    "gravatar_url": "https://secure.gravatar.com/avatar/2bc52d43e49aa66154b0ef2ce0cb2407",
    "timezone": "UTC",
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE0MjYwMzkxMzEsInRva2VuX3ZlcnNpb24iOiJjYWQ2Mzg0MS01Mjc0LTQ1ZWItODYyZC00MDRiY2JiYTU3YTQifQ.kzqxXdrXS2rUme6JgQVa_AW6z8r1SUmh-mtc7P3KE58",
    "date_created": "2014-06-12T00:05:26.632Z",
    "date_modified": "2014-11-10T21:17:43.975Z"
}

The easiest way would be to implement your own custom ObtainJSONWebToken like view and serializer to return exactly what you want.

The default ObtainJSONWebToken view just returns the token, but the token's payload(which is actually a base64 JSON encoded object) contains the user's id, email, username, and expiration as specified by the jwt_payload_handler method(you can also specify your own). This means that with plain old JavaScript you could extract that payload from the token. I'm thinking that perhaps ember-cli-simple-auth-token should do this and expose any data that might be inside the token. Something like:

  // Get the part of the token where data is stored.
  token = token.split('.')[1];

  // Make URL friendly.
  token = token.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=+$/, '');

  // Reverse to original encoding.
  if (token.length % 4 !== 0) {
    token += ('===').slice(0, 4 - (token.length % 4));
  }

  token = token.replace(/-/g, '+').replace(/_/g, '/');

  // Return the token data decoded.
  return JSON.parse(atob(token));

Btw, I pasted your token into jwt.io and it works as expected, you'll see the header data, then in blue the actual payload data I was talking. You're probably seeing an invalid signature error because you didn't specify the secret you used to generate the token, there's a field in red with secret just switch that out for whatever your JWT_SECRET_KEY setting is set to, by default Django's SECRET_KEY is used.

from django-rest-framework-jwt.

Also, I pasted my generated token into http://jwt.io and its showing as "invalidate signature" any idea on what that is or if its just my lack of understanding with cryto/JWT?

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6IjFAMS5jb20iLCJ1c2VyX2lkIjoxLCJlbWFpbCI6IjFAMS5jb20iLCJleHAiOjE0MTgyNDEzMDR9.pXV2Jw_335AVB-zh0L6sYKkLnH4zAaw_C70c7iS-NiI

from django-rest-framework-jwt.

@jpadilla Hey thanks for the thorough response, that helped me out a ton! I didn't realize that you already baked in a way to write a custom payload_handler - that's perfect. I am wondering if you have lots of experience with DRF + ember? I may have more questions later!

I was wondering what the use case for having the token in the user serializer? shouldnt it be in the auth header? Anyways thanks again!

from django-rest-framework-jwt.

There isn't much into using DRF + ember if you don't use ember-data. Feel free to send me an email whenever you have a question, will try to help.

The token in the serializer is an example of the custom serializer I use in a signin endpoint which basically returns the user's data as well as the token(which the client would then include in further requests in the auth header).

Closing this for now as it's not an issue.

from django-rest-framework-jwt.

definitely.... thanks man.. We using ember data but this lib makes working between them smooth https://github.com/ngenworks/rest_framework_ember

from django-rest-framework-jwt.

I write code in DRF-Ember project too and this discussion help me a lot too. Almost all of DRF-Ember project beginner may experienced like this invalid signature and jpadilla's kind answer would be very helpful.

from django-rest-framework-jwt.