Django REST JWT authentication | Simple JWT

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
let's start shall we django rest framework lets you authenticate your user in different ways it has built-in basic authentication session authentication uh you can also leverage token authentication they call it like drf auth token besides it has remote authentication custom authentication or blah blah blah well the jwt authentication is one of the greatest uh packages they have i mean they don't have it built in but you can use this gwd authentication as a package so when you have it ready when you have it installed then you can leverage the gwd authentication so in this video we are going to talk about the jwd authentication and we'll see like how it works and you know we'll see the coding as well on visual studio code the juicer library on the other hand has some built-in features uh we can also have this juicer library alongside with jwd authentication uh it has really powerful features in it so i have used it in my recent projects and it is really nice we will talk about this juicer library in the next maybe next videos if you really want to know about the juicer library then please comment below and let me know that you also want to know the user library about however now it is all about jw authentication so let's let me move to the next uh slide where i can explain how this jwd authentication works and how it differs from the token authentication or maybe from the basic authentication so the basic authentication let's say you have this view the basic authentication and you want to get something from this database so what you're going to do you're going to send this credential to this server side and the server side or this guard i would say checks this username and password against this database and if it is okay then you know um you get data from you from the database right but the problem is every time if you want anything from this database you need to send this username to and password to this girl that's the problem right i mean this is not a good idea i think and it is it is inefficient i would say so we don't really recommend um to use this thing to use this basic authentication for the production i would say so what about this token authentication then so this token authentication is also called uh drf token um so when you have this uh installed or let's say when you have this injected in your project what happens it creates a table um on inside this database which is called i think token table yeah so so i'm sending this username and password to this um you know to this girl and this guy will check this username and password against this database let's say you are okay and now what happens this time this time a token gets generated inside this database and inside the table name token so this token gets generated and then it it is sent back to this user so now you are authenticated so when you are authenticated this time if you want anything from this database you don't send username and password instead you send this token to this guard and this guard will check this token against this database or let's say the database table so every time you send this token to get anything to get you know to fetch the data from the database this will be checked against the database so that's a problem right it's not a problem to be honest but well that's the way it is so that is token authentication and the token authentication has a like an unusual feature i would say the token authentication uh has like lifeline lifetime expiry date you know like so uh this token never gets expired so once it's created it just stay in the database so um unless you you know locks out or unless you delete it you know so so yeah so that's the token authentication and the jw authentication i would say a little bit better than the token authentication because what happens i'm gonna keep it over here okay so one more time the username and password i'm sending it to the guard it is getting checked against the database let's say i'm okay this time i will be sent a token as well but this time this token is not populated from the database what happens behind the scene when my credentials are okay the token gets generated against a private key which is preferably stored in the server side so this token is is getting generated against the private key not in the database so after you know this being generated this will be sent to me and then every time i want to get anything from the database i will send this token and this token will be checked or validated you could say against this private key so this token never gets checked by the database so this is much more faster and efficient way that's it yeah so that's pretty much it okay i'm losing my token let me put it here and so now you know this token thing and this uh jwd authentication and all that so we would like to go to the visual studio code but before you know going there let me show you another thing so this jw authentication you know it helps in some other ways too so you know that when you uh send requests from the front end you need to create like views dot pi serializer.pi or yours.pi uh in your project right but when you have this gwd authentication installed or like you know when you use this package you don't need to create these urls views or either serializer.buy they all come with a package you know so you have this like readymade or something you could say but now let's move into the uh you know visual code and we will do some coding over there and let's see how jwt works and how we can install general body first of all what we're gonna do we're gonna um create we're gonna install so let's say pip install django rest frame simple jwt remember you are installing django rest from a simple jwt not django rest framework jwt just for the clarification so i'm using django rest from a simple jot um so in the settings file we'll be using this um and as i was saying there is another one called django rest from uwt so in the settings file you need to use this i will show this don't worry about it let me install this i think it's already been installed i mean i already have this installed so it's not going to install nothing it's saying it's saying like requirement already satisfied but for you it's gonna install with no issue for sure so once it's installed you're gonna go to the i think this is the main directory of my project so that's called inventory so i'm gonna go there i mean it's gonna be different for you for sure so go to the settings file that's the main setting file um and i would like to show you something well that's the guide uh how we can do it so peep install we have done this part already i'm gonna copy this and i will go to my code let me minimize a little bit i'm gonna put it over here so i don't need this i don't need this either and i don't need this either so rest framework simple.authentication.jwt authentication okay so that's that's what i was saying so rest framework symbol chart authentication dw authentication but if you using this framework i'm sorry if you using this uh this one this package then the settings.pi says the different thing look at this this is a little bit different from this one okay so now once this ready uh i can go back and i can copy this but before copying this i would like to go to another view which is this so i want to have this time delta thing so i can put it on the top why not so here and then maybe here i can have this simple thing so the these are like little settings you don't need all of them you know access time token lifetime it says refresh token lifetime algorithm signing key and all the things author header types it's going to be like bearer author header name is gonna be hd authorization and all that thing you really do need a lot of things um you know all of them you can you know cancel it i'm not gonna have all of these you can have it if you want to so let's say yeah so let's keep it like this okay so access token lifetime is gonna be five minutes as you can see okay so that's fine uh so i have this restaurant ready i have this simple jot ready but i don't have this all of this so what i'm going to do i'm going to go ahead and cancel these just to keep it simple for the time being so let's save it i'm going to go to the urls and okay so you have to grab this so look at this those two views are given by the simple chart and i will have these two parts ready i mean the urls so also being ready for us so here we go the view is ready by the simple jar the part being you know given by the simple i had to do nothing actually so that's all done i guess uh now what i can do i can go to the postman and http localhost let me take one of those you know previously used okay so api so that's gonna be like api token right so api token oops sorry so this api token yeah so we're gonna hit this uh it's gonna be like the post method body uh in the body we can send uh data we're gonna select this x www form unreloaded um so we can say email monitor gmail.com and let's say we have the password he's gonna be less than one here at one two three four five six so you may might be wondering like what how i have this email and password and all these things let me go to the database because i have already set a database on postgres so this is the email and this is the password i think somewhere around this is hashed so you can see it so yeah this is already set up so since i have everything ready over here so i can go get back to the visual studio code and run my server so python manage dot by run server if everything is okay then it's gonna run okay looks okay now we're gonna hit i'm hitting and it gives me the access token as you can see right now since we have this access token we wanna retrieve a data let's say let's say we have this uh user detail or something we're gonna send we're going to send a get request so and it says authentication credentials were not provided so it is asking our authentication detail or let's say the access token so what i'm gonna do i'm gonna actually go to authorization from here i will say bro token uh let me show because it says auth header type is better so you need to select that and now here is the token part you need to you know provide the access token over here so let me go ahead and have this access token from here copy it i'm going to put it over here and now if we send a request it gives me the details as you can see the user title is here how about i'm gonna change this a little bit like i'm gonna temper this let's say i want to replace this e with q something like that and now if i want to if i send this it says given token not valid for any token type token not valid token classes access token blah blah blah blah blah let me put this back that was e right yeah so yeah i'm getting this token back this simple jot is pretty easy um all you have to do you have to you know go for this little setting over here have it installed and make your life easy well thank you very much um hit the like button and subscribe my channel and if you want to know anything um anything in particular then let me know in the comment section so that i can make more videos like this thank you once again bye bye
Info
Channel: Code Aura
Views: 6,278
Rating: undefined out of 5
Keywords: django rest-framework, django rest framework, django rest framework authentication, django rest api, django rest token authentication, django rest token authentication tutorial, django rest simple jwt, django rest jwt, django token based authentication, django simple jwt, django serializer, django rest framework tutorial, django jwt authentication
Id: KLua_cYGLec
Channel Id: undefined
Length: 14min 40sec (880 seconds)
Published: Mon Feb 22 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.