How to use JWT Authentication with Django Rest Framework

Captions
Hello and welcome in our tutorial. Today we are going to see how to use JWT authentication with Django REST framework and how to containerize it using Docker.

So at first, here I'm in my project folder. We're going to start with creating a virtual environment; I'm just going to call it env. We're going to wait until he sets up everything. Okay, great. Now we're going to activate it. Okay, now the next step is to create a Django project, startproject; we're going to call it authenticator. Excellent. Next step is to, next step is to actually create an app, so we're going to create an app called api. Okay, and now everything should be set up.

So what do we need to install? Well, we need to install this little thing that's going to help us set up our API and use JWT for authentication. It's called django rest framework underscore simple jwt. It's now installing it. Great. Now that this is installed, we're going to have to play with the settings a little bit, so let's go there. In our settings we're going to add first our api app here, and then here rest framework and also rest framework simple jwt. Okay, and after that we're going to create a bunch of settings to tell Django that with rest framework we want the authentication class to be using JWT. So there we go. Okay, and that should be it. Great.

Now let's start with, uh, doing some URL routing. So at first we're going to tell him that we want him to include here our urls from the api app. If you're looking at this tutorial you should be familiar with that include thing, but basically it's just saying: at the root of the website you're going to add all the urls from the app api. And now we're going to set up the url for the actual api app, so let's create a new file, and we're going to import a bunch of stuff. This is path from django urls; this is helping us to create the url patterns. Rest framework jwt, actually did I make this mistake here? No, it's actually simple, sometimes I forget the word simple, import views as jwt views
and from our app, from the folder, import views. Excellent.

Now url patterns: we're going to create the urls. Basically we're going to create three endpoints. The first is going to be called login, and basically what this is going to do is that it's going to give us an access token and a refresh token when we input our user's credentials. So it goes like this. Okay, as view; we're going to call it login. Okay, let's do a bunch of copy paste. Second one is going to be called run. Basically this one is going to check out if we are authenticated using a bearer token, and if we are, he is going to return us a message where he just says hello world. Not really original, but, uh, this is how we do it in the programming world. Hello world, as view, and here hello world. Okay, and here we're going to have another endpoint; we're going to call it me. What it does: when the user is going to go to that endpoint and authenticate himself using our token, if the authentication works, this endpoint is going to return the user's username and the user's password. And basically we're going to create an extractor, because it's basically going to be extracting this data from the token. Okay, great, this is set up.

Now that we have this url pattern set up, we need to create the views, so this is our next step. Okay, so the next step is that we're going to be creating our views. So at first we're going to import a bunch of stuff from rest framework that we're going to be using. We're going to import api view, number response, we're going to be importing response, and let's go and copy paste a little bit; from permissions we're going to be using is authenticated. Now from there we're going to be creating two views, first one being hello view, api view, and we're going to set up a permission class. So what that means is that, oops, what that means is simply that when the user is going to want to access that view, he's going to have to be authenticated. Get, self, request. Okay, we're going to create a dictionary, and all we want is
that if this user is authenticated, this view will return a message called hello world, and we return it using the response from rest framework response. There you go.

The second one is going to be about extracting data, getting the user's data after he's used the token. So we're going to be creating this, actually, extractor; again api view, same thing, we want him to be authenticated, and we actually want him to, uh, give us his informations. So that's gonna be username: we're gonna be taking username, it's gonna be request user username, and password, request user password. That simple. So it's basically saying: give me the username from the user doing this request after you've made sure that this user was authenticated. And we return response with that content. I'm not sure if this is okay. Much better. Come back here. Okay, should be working.

Now the next step is going to be doing some migrations, make sure everything was fine. Oh, we're not in the right folder, oops. Yeah, make migrations. Okay, migrate. Okay, great. And now we're eventually going to test this live and see if it works like we want it to work, so let's do a run. Oh, by the way, we have to create a super user, because to do this authentication here we need a user to actually exist. So we're just going to use this command. I'm going to call it alex, we're not going to give him an email, and I'm going to set up a very simple password, which is one two three four. Oops, okay, he's not happy, but it's okay. And there we go.

Okay, now that the server is running, I'm gonna be using an application called Postman to interact with the API. You can use whatever you want; you can even actually reach this url and go to the urls we have set up, and Django REST framework will display an interface for you, but for the sake of this tutorial we're going to be using Postman. Okay, so this is Postman. The point of this tutorial is not to explain how to use Postman, but basically it's just a little app that allows you to make
requests with, um, an API. You can use whatever you want to interact with this API, but for the sake of this tutorial we're going to be using Postman.

So here we're going to make a request to that endpoint in order to generate a token. So, uh, we want to be doing a POST request and we want to be giving him a username and a password. Okay, and here we go, he's returning us two tokens. This is an access token; it works only five minutes. And this is the refresh token that you can use to generate new access tokens over time.

Now we have those two tokens. What we want now is to test our second endpoint, run, to see if he does return hello world after we give him the right informations. So it's gonna be a GET request, we're going to go to run, and this time we're going to go to authorization and add a bearer token, and the token is going to be this one, the access token. So I'm going to copy it, I'm going to paste it here, and we're going to send this request. Okay, it works, it returns hello world. Just for testing, we're going to try to mess up a little bit with this token: we're going to add fake, and if I send it now, he's not happy, he says the token is not valid. So that view is definitely working.

The third view we want to test is the extractor, so let's go to me, and again we're gonna take out the fake, go back with the real token, and send a GET request. And as you can see, he's returning us my username and of course my password, that's hashed.

Okay, the next thing we're going to do now is to actually create some API test cases. So this is not 100% required if you're just trying to get familiar with how this works, but you should get used to always creating tests when you're coding. It's called, uh, test driven development, and if you work for a corporation or something, most likely they will require you to create tests to make sure that all the code is working. So we're going to add a little chapter to this tutorial, let's say as a bonus. You can skip it if you just want to get familiar with JWT
authentication, but here we're going to learn how to create tests to make sure that our API works.

So first thing we're going to do here is, again, we're going to go in here, in our api app, and we're going to import a bunch of stuff that we need. We're going to import the test cases from rest framework, so api client and api test case. Then from django urls we're going to import reverse, and we're also going to need to create a user, so of models we're going to actually import that user. Okay, we don't need this one. Okay, we're going to create a class, not a very original name, api test case, which, actually, let's actually give him a nice name, authenticator, see this. Okay, let's just cut it like this.

We're going to create a setup method, so this is something that's going to be executed at the beginning of each test. At first we're going to create a user, so that's the way we're doing it: this is the username, alex tester, this is going to be the email, okay, and this is going to be, uh, the password. Let's actually put it like this and, uh, like this, to pretend it's actually safe. Self client: it's the api client that we've imported above. Self login url: we're just going to define a bunch of urls for convenience. Login. Self, uh, what was the name again of this url? Uh, hello view, so we're gonna call it hello view url, and it's gonna be reverse hello world. Actually I'm gonna call it hello world, makes more sense. And the third one is going to be extractor url; the name of it is extract. Okay.

Okay, and then we're going to create an access token. So for this access token, we're first going to test the generation of this token and how it works, but then for the last test we're, you know, I'm not going to put it right now, we're going to put it after, so that you can really understand how it works.

So the first thing we want to create is test login return jwt, so we're testing that the login endpoint is actually returning JWT. Okay, we're going to add some docstring here: the login view return access
token and a refresh token. Okay, so our first test is going to be to make sure that the login endpoint returns the token. I'm going to create a docstring here. Thanks, we don't need this. Great. We're gonna give him some credentials: username alex tester, password, here, this is the password.

Okay, and then we're going to create a response. So what this does basically is that it's using self client, which has been defined here, and self client is the api client that we take from rest framework tests, so it's an API client that's used by rest framework to do some testing. And we're going to be using a post method. So at first you have to give him the url that you want to use. So usually here I will be doing something like http test server login, but because we have defined here the self login url, I'm just gonna put self login url instead. And then you're going to give him the parameters, and the parameters here is going to be the credentials that we've just defined. So we're telling him: you post this there.

And then you're going to make sure that the response is 200; I want something that works. We're going to make sure that access is in the answer, it's actually, again, in the response. Okay, and we're going to make sure that refresh is also in, uh, in the response. The reason why I do like this is because right now I don't know exactly what token he's going to generate, but I just want to make sure that he has those two keys, so that, uh, we know that he's giving us the type of answer that we're expecting, on top of a 200 status code.

Okay, so let's test this test, let's see if it works. For this it's easy: we're going to do python manage.py and then, uh, test, and then we're going to tell another one: api, we want test, and we want authenticated test case, and we want this one. He's not happy, so what's wrong with that? Api test authenticated test case. Let's, no, that's weird. Oh, I didn't actually, um, save the file. There you go. Okay, great, he ran one test and he says that it's
okay, so it means that it's working. Just for the purpose of this tutorial I'm going to print the response, so that you can see exactly, uh, we can get the status code, and we're going to print the actual data so that you can see what it does exactly. Let's do it again. And there we go: this is the status 200, meaning okay, and this is what he's giving us, refresh token and access token. So we know that, based on that, the first view, login, works and does what we want it to do.

Now the second test is going to be making sure that if we don't give him the proper credentials he's not giving us a token. Okay, so it's going to be a little bit faster this time. Don't return, do not return, doesn't return, return token if we use bad credentials. So the password is going to be, I'm going to change the password, do the exact same thing. By the way, we couldn't remove this, this was just to show you. Uh, and then this should give us a 401, meaning unauthorized. Let's go, let's test it. Uh, let's just do all the tests. He ran only one test. Why does he run only one test? There's two tests. Oh, I didn't change the name. Bad again return tradability don't return digitality. But anyway, he ran the two tests and they work. Just to make sure, just to actually show you this test only, we're going to do that one only. Okay, so we're doing only this test that we've just created, and he's okay with it, he's giving us a okay.

Next test is going to be about our hello world view, so test run return hello world. Okay, so: the hello world view return hello world, basically what we wanted to do. And now we're going to be defining what I wanted to do from the beginning here, an access token, because now we're going to be using the access token and I don't want to have to do all this thing again each single time I recreate a test. Access token, and this is going to be basically this thing: we want to be generating a token, so we're posting at the login url using our credentials, except that here the credentials
have not been set up, so we're going to write them: username, it's going to be alex tester, and password, it's going to be our password. Okay, and just to be more clear I'm going to break a line here. Then we're going to need a JSON version of this, um, basically the JSON data from the response, from the request, and in the JSON we're going to be asking for the, uh, the access token. Okay, so now this is going to be our access token, so we don't have to rewrite all this each time.

Okay, so our hello world function, let's go with it. Self client credentials, and here we're going to give him an http authorization, which is going to be bearer, space, and then we're adding the access token from here, self access token. Okay, so now he knows that when he's gonna do his request, he's gonna add the bearer token to, uh, the header for the, uh, for the authorization.

Okay, now we're gonna create our response: self client get, because it's now a GET request, and again we're going to do this on the hello world url that we've defined here. So this is a reverse of hello world, and here hello world is that view, and that view is the one that's supposed to return hello world if we are authenticated. So we're gonna want to assert equal that the status code is 200, and we're going to also create an expected response, so expected, let's go, message hello world. What is it that we wrote before? Uh, okay, where was it? It was there. This is what we're expecting. Okay, you can take out those. All right, okay, and here response json, we're expecting that, basically.

So let's make sure everything's fine, it should be working. Let's do this. So what is that, what does it say? Okay, here there's a mistake, I missed that. Okay, he's happy with it. Again, just to show what we're doing here, because it's just saying ran okay, we're going to print the response so that you can really see what he's telling us. So if I just print response like this, you're not gonna have that much information. Just showing you what it says:
it's just gonna give us this, he's telling us okay, 200, it's JSON. Okay, we want to know what's inside, so we add json like this, and this is the data that he's giving us: message hello world, which is what we were expecting. Okay, so this is fine too.

We are almost done with the tests. The last one we're going to do is for that endpoint me: we want to see if he can extract the data from the token and give us what we need, uh, from the user. So this time we're not going to forget to change the name. It's going to be test all right so i can return username and password. Okay, what's the name of it? Extract, token extract. So again, if you written the username and the password of the user. Okay, so for this one, same thing: he's already there anyway, so we're gonna be giving him the bearer token to tell him it's me, I have the password, uh, the password being the token in my metaphor, and from that we want him to give us data from the user. Here we're going to change it: this is not hello world url, this is extractor url. Okay, response, self get, token, etc.

Okay, and here again, because the password is going to change the design because it's a hash, we don't want to be hard coding the data like we did here. We're just going to tell him to give us the keys, and in the keys we want to have a username and password. Okay, should be working, let's do this. Okay, so that's how you call, oh, I'm sorry, here I forgot true: it's actually assert true and not assert equal. We're just making sure that this is true. There we go, and there we go, he's happy. Okay, the test ran fine. Again we're gonna show what's in the response. There we go: see, his name, this is my username, this is the password encoded.

Okay, all the tests are working fine. We could add some more tests: we could check out that for each of those he's not giving us, uh, what we're asking if we're not authenticated, but we've already tested this here with test login, so I'm not going to add another test
to make sure that, I don't know, this thing doesn't return hello world if I'm not authenticated, or that this one doesn't return username and password if I'm not authenticated. I think this is enough, you got the idea. Of course I could do this if I was, uh, doing a real project, but I think that now this part of the tutorial was long enough, and now we're going to move to the next part of our tutorial with using Docker to containerize our app.

Okay, right before we're diving into Docker, um, we're going to generate a documentation for this API, and this is going to be really fast. So first thing we want to do is to use those little tools; we're going to install those two things, and from this we're going to be able to generate an API documentation really fast. Okay, so now that I've installed this and that, uritemplate and pyyaml, we're gonna execute that command: manage.py generate schema file open api schema dot. So we're telling him that this is the file in which he's gonna generate the schema. Okay, let's do this. Okay, and now here he's created a, making sure this is recording, yeah, he's creating a, um, he has created an open api schema yaml file where all the information regarding our API is in there, and you can then upload that to Swagger and it's going to generate a beautiful documentation for you, which is what we're going to do right now.

So let's actually see Swagger. Okay, we're going to go there. So this is the url that you want to access if you're using Swagger. We're going to do create new, import and document api, and we're just going to go into that folder here, authenticator, and select that file. Okay, oh, import. He says, is that it? Because it's yaml. And here, from there, from this, this is our file, he has generated here this, uh, interactive interface where you can see how, uh, the API works. Okay, so I guess it gives you everything basically, but again this tutorial is not about Swagger, but just to tell you that doing this quick installation and generating the documentation, you can
then upload it in Swagger and have a clean, beautiful documentation for your API. And now, after we did this, we're actually going to be diving into Docker.

Okay, so now let's create our Dockerfile. We're going to do a right click here, actually here, and we're going to create a Dockerfile like this. Okay, so at first we're going to use an image of python, of python 3. Then we're going to be saying that we want PYTHONUNBUFFERED 1, so what this does is that it makes sure that anything that Python is saying is going to be written directly in our container's terminal. Then we're going to create a work directory code called app. We're going to tell him to basically write everything that's in requirements.txt in the app folder, then we're going to tell him to run pip install requirements, and then we're going to tell him to copy everything we have. So the dot means here everything that's here, you put it in the app folder.

Okay, next step is going to be to create a docker compose file. Okay, we're going to be using 3.9. Okay, and we're just going to create a service, web. Okay, we will tell him, okay, you're going to, oh, forgot the dot here, uh, you're going to be using that command to launch the server. So what this means is that basically you can use any ip address, venues is going to be accepting an ip address. Okay, we're sending reports, and for what we're doing this should be enough.

So now that we did this we're going to do, by the way, this makes me think that we didn't do the requirements.txt, so let's do it. We're going to be pip freeze, and we're going to tell him to put all that in a requirements.txt file. Okay, now everything's there and he can use it. Okay, let's do it: we're gonna do a docker compose build to build the container. Okay, and now we're going to do a docker compose up. Okay, so as you can see here, he has started the server, and that's it.

So this is the end of the tutorial. I hope that you've appreciated it. Um, if you have any comment, any questions, don't be afraid to ask, and I
will answer as fast as possible. Until then, I wish you an excellent day. Bye.
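
An added example, not code from the video: a standard-library sketch of the checks behind the Postman results described above (the token with "fake" appended is refused, and the access token stops working after five minutes). The function names, the signing key and the claim set (`token_type`, `exp`, `user_id`, modeled on what Simple JWT puts in its tokens) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

class InvalidToken(Exception):
    """Raised for any token the verifier refuses."""

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a compact HS256 JWT (the role of the login endpoint)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(mac)}"

def verify_access_token(token: str, key: bytes, now: int) -> dict:
    """Return the claims only if signature, token type and expiry all hold."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        presented = b64url_decode(sig_b64)
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise InvalidToken("undecodable") from exc
    # Pin the algorithm on the server; the token must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected algorithm")
    expected = hmac.new(
        key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(presented, expected):  # constant-time compare
        raise InvalidToken("bad signature")
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise InvalidToken("undecodable") from exc
    if not isinstance(claims, dict) or claims.get("token_type") != "access":
        raise InvalidToken("not an access token")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise InvalidToken("expired")
    return claims

def outcome(token: str, key: bytes, now: int) -> str:
    try:
        verify_access_token(token, key, now)
        return "ok"
    except InvalidToken as exc:
        return str(exc)

# Constructed sample values: the key, timestamps and claims are made up.
KEY = b"constructed-demo-signing-key"
ISSUED = 1_700_000_000
ACCESS = sign_hs256({"token_type": "access", "exp": ISSUED + 300, "user_id": 1}, KEY)
REFRESH = sign_hs256({"token_type": "refresh", "exp": ISSUED + 86400, "user_id": 1}, KEY)
```

The constructed claims carry only a user id; in this sketch a username or password hash would have to come from a user lookup on the server, not from the token.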
Info
Channel: Code X Business
Views: 1,505
Id: BmOKr-cMhVA
Length: 36min 41sec (2201 seconds)
Published: Wed Apr 21 2021