Comments (6)
So there are a couple of ways to do it. You can obviously implement your own view and serializer which return the token and any other data. For example I have one where I return the serialized user as well as the token.
{
"id": 1,
"username": "jpadilla",
"first_name": "Jose",
"last_name": "Padilla",
"gravatar_url": "https://secure.gravatar.com/avatar/2bc52d43e49aa66154b0ef2ce0cb2407",
"timezone": "UTC",
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE0MjYwMzkxMzEsInRva2VuX3ZlcnNpb24iOiJjYWQ2Mzg0MS01Mjc0LTQ1ZWItODYyZC00MDRiY2JiYTU3YTQifQ.kzqxXdrXS2rUme6JgQVa_AW6z8r1SUmh-mtc7P3KE58",
"date_created": "2014-06-12T00:05:26.632Z",
"date_modified": "2014-11-10T21:17:43.975Z"
}
The easiest way would be to implement your own custom ObtainJSONWebToken
like view and serializer to return exactly what you want.
The default ObtainJSONWebToken
view just returns the token, but the token's payload(which is actually a base64 JSON encoded object) contains the user's id, email, username, and expiration as specified by the jwt_payload_handler
method(you can also specify your own). This means that with plain old JavaScript you could extract that payload from the token. I'm thinking that perhaps ember-cli-simple-auth-token should do this and expose any data that might be inside the token. Something like:
// Get the part of the token where data is stored.
token = token.split('.')[1];
// Make URL friendly.
token = token.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=+$/, '');
// Reverse to original encoding.
if (token.length % 4 !== 0) {
token += ('===').slice(0, 4 - (token.length % 4));
}
token = token.replace(/-/g, '+').replace(/_/g, '/');
// Return the token data decoded.
return JSON.parse(atob(token));
Btw, I pasted your token into jwt.io and it works as expected, you'll see the header data, then in blue the actual payload data I was talking. You're probably seeing an invalid signature error because you didn't specify the secret you used to generate the token, there's a field in red with secret just switch that out for whatever your JWT_SECRET_KEY
setting is set to, by default Django's SECRET_KEY is used.
from django-rest-framework-jwt.
Also, I pasted my generated token into http://jwt.io and its showing as "invalidate signature" any idea on what that is or if its just my lack of understanding with cryto/JWT?
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6IjFAMS5jb20iLCJ1c2VyX2lkIjoxLCJlbWFpbCI6IjFAMS5jb20iLCJleHAiOjE0MTgyNDEzMDR9.pXV2Jw_335AVB-zh0L6sYKkLnH4zAaw_C70c7iS-NiI
from django-rest-framework-jwt.
@jpadilla Hey thanks for the thorough response, that helped me out a ton! I didn't realize that you already baked in a way to write a custom payload_handler - that's perfect. I am wondering if you have lots of experience with DRF + ember? I may have more questions later!
I was wondering what the use case for having the token in the user serializer? shouldnt it be in the auth header? Anyways thanks again!
from django-rest-framework-jwt.
There isn't much into using DRF + ember if you don't use ember-data. Feel free to send me an email whenever you have a question, will try to help.
The token in the serializer is an example of the custom serializer I use in a signin endpoint which basically returns the user's data as well as the token(which the client would then include in further requests in the auth header).
Closing this for now as it's not an issue.
from django-rest-framework-jwt.
definitely.... thanks man.. We using ember data but this lib makes working between them smooth https://github.com/ngenworks/rest_framework_ember
from django-rest-framework-jwt.
I write code in DRF-Ember project too and this discussion help me a lot too. Almost all of DRF-Ember project beginner may experienced like this invalid signature and jpadilla's kind answer would be very helpful.
from django-rest-framework-jwt.
Related Issues (20)
- Is there a way that we can avoid multiple token generations for a single user if he/she try to login on different browsers? HOT 2
- JSONWebTokenAuthentication object has no attribute 'media_type'
- external server
- Call an endpoint without Authorization header HOT 1
- Add support for ES256 signing algorithm
- [feature] permit to use custom header instead of `Authorization`
- registration
- how to refresh existing tokens??? HOT 6
- redis cache HOT 1
- WinError 123 after tutorial HOT 1
- How to use this library by only using Http Only Cookie? HOT 1
- Curious Whether JWT Still Works Given Libraries Requirements Mismatch? HOT 3
- Status HOT 12
- Documentation not found HOT 2
- Dead Link in readme.md HOT 1
- DeprecationWarning: The following fields will be removed in the future: `email` and `user_id`. HOT 1
- Hope to support the response format of custom authentication failure HOT 1
- Unreachable code when user is_active is False in. HOT 1
- Can we use allauth only for the things, where we can get involved with email verification, and jwt for others purposes like login/get api request/ post api requests....????
- Cookie not removed in request when response is 401
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-rest-framework-jwt.