JWT Authentication Using Django REST Framework SimpleJWT | Learn Django REST Framework #10

Video Statistics and Information

Captions
Hi everyone, welcome back. So in this video we're going to be looking at JWT authentication. We're going to be looking at how to implement JWT authentication within Django REST framework, and we're going to be using a plugin called the Django REST framework SimpleJWT plugin. So this plugin is going to allow us to carry out our JWT authentication in a very easy way.

So to get started, I'm going to head over to our getting started section. I'm going to make sure that I leave the documentation link in the description. So within here we're going to get started by installing djangorestframework-simplejwt. So I'll go ahead and install it here. I'll open up my terminal, and what I have to do is to install this lina app. So after installing it, we are going to go ahead and freeze it within our requirements.txt file, and then we are good to go.

So the first thing we're going to do is to actually provide our default authentication class. So when we are using this, we actually provide, we are given a default authentication class, which is that JWTAuthentication class, so we shall need to add it to our list of authentication classes. Now, how we're going to do that is by going to our settings and then our REST framework settings. So within our REST framework settings, we're going to go where we specified our default authentication classes and then provide our JWTAuthentication class. So I'll just come right here and simply add our JWTAuthentication class.

And right after doing that, then the next thing we're going to do is to add our views for obtaining our token pair as well as refreshing our token pair, for refreshing our access token. So when using JWT authentication, when we authenticate we are provided two pairs of tokens, we are provided actually a pair of tokens. So this contains the access token as well as the refresh token. So the access token is one that allows us to access the protected parts of our application, and the refresh token allows us to create a new access token in case our access token has expired.

So to do that, we're going to go to our accounts app, and then within our accounts app I'm going to begin by going to our urls.py. So then in urls.py I'm going to begin by first importing our class-based views, so we get access to that TokenObtainPairView as well as a TokenRefreshView. We also need to get the TokenVerifyView to allow us to verify our tokens. So what I'm going to do is to come at the top of our code right here and import some stuff. So I'll begin by importing our REST framework SimpleJWT, and then within our rest_framework_simplejwt we're going to access the following. So we're going to begin, it's actually going to be from that views for quite this, so it's going to be from that views, and then we're going to access the following views. So we're going to access that TokenObtainPairView, we're also going to access the TokenRefreshView, we're also going to access the TokenVerifyView.

So once we have these, then we're going to create URLs for them. So I'll just come right here and provide our path, and in this case our path is going to be slash, so this will be /jwt/create. And once you have this, then you shall have our views. So in this case we're going to have our views, and actually it's not going to be our views, but we are taking TokenObtainPairView, then we shall provide it as_view. So once you have this, we shall provide that name, and our name is going to be jwt create. So I'm just going to come and provide that name as jwt create. And once we have this thing, the next view we are going to implement is one for refreshing our token, so we shall just call it /jwt/refresh. And once you have this URL, then you shall provide that view as TokenRefreshView. So this is going to be our TokenRefreshView.as_view, and then we shall have our name being equal to our token refresh view. So once we have this thing, I'll just simply come right here and say that we shall have our path, and our path is going to be /jwt/verify. So this will be the one for verifying our access token, and we shall have a TokenVerifyView. So I'll just call that .as_view method, and then we shall provide that name, and that name is going to be equal to token verify.

So once we have this, I'm going to go ahead and save, and hoping that our server is running. So I'll just simply come right here and run our server again. So our server is running, we don't have any errors. So what I'm going to do in this case is to go ahead and test our endpoints. So when I go to my Insomnia right here, I'm going to begin by creating a new request, and this is going to be for creating a JWT, or "jots", that's how they pronounce JWTs. So I'll come right here and provide this as a POST request, so we shall need to provide a body that's going to be of type JSON. So I'm going to create this request, and we shall have our URLs. So our URL is going to be localhost 8000, so we shall come and provide /auth and then /jwt. So once you have this, we are going to provide our create URL. So we shall need to provide the same credentials that you use for logging in a user. So I'm just going to come where we log in a user here, and then, actually, when we try to send this we're supposed to get an access token, but we're going to basically customize it so that we can actually get both an access and a refresh token, as you're going to see. So I'm going to copy this, and when we come right here I provide our email and password. When we send this, we get access to our access and refresh token. So what happens is, when you provide these credentials, we check our user, we check if a user with these credentials exists, and then when the user exists we actually return an access and a refresh token.

So once we have that, then let's go ahead and look at how we can refresh our access token. So for refreshing we need to provide a refresh token, so I'm just going to come and copy it from here. Once you have a refresh token, we need to use this refresh token to access a new access token. Now this is important as it allows us to basically get a new access token after our access token has actually expired. So I'm going to go and create a new request. So this request is going to be for, uh, refresh, for refresh, uh, JWT. So I'm just going to come and say that, yeah, we're going to refresh our JWT, and once you have this, I'll call this a POST request. So this will have a body as JSON. I'll go ahead and create this. So we're going to have localhost, and this will be 8000, so we shall have our URL /jwt and /refresh. Now that we have this, we are going to provide our body, but our body in this case is actually going to have our refresh token. So once we have our refresh token, I'm going to come and provide the refresh token by pasting it. So when we send this, we now see that a new access token has actually been created for us.

Now let us try to test whether this access token is actually valid. So I'll just come and copy this, and then we shall visit our URL for verifying our token. So I'll just come and say that we're going to have a verify JWT, and then let's just say that this is going to be POST, and then we shall create a body as JSON. So when I go ahead and create this, we shall have our localhost, and this will be 8000, so it's going to be /jwt, so it's going to be /auth and then /jwt, then we shall access, slash, uh, here we're going to actually access that verify endpoint. So once you have this thing, I'll just simply come right here and provide our token. This token is actually going to be the key of token, and then we shall have the value as our access token. So when I send this, we actually see "could not resolve", so this is actually supposed to be localhost, sorry for this. So I provide localhost and then try to send this. We now see that our token is valid because we have returned an OK status code.

All right, so we've been able to look into how these views work. The next thing we need to do is to look at some of the settings that you can set up to allow, or to customize, the functionality for our Django REST framework SimpleJWT. Now Django REST framework SimpleJWT provides for us a set of settings that allow us to customize our functionality. So I'm going to head over back to the documentation right here, and we're going to go to the settings part. So within the settings we have a bunch of settings right here, and the most important ones are going to be our access token lifetime as well as our refresh token lifestyle, lifetime. So this is actually going to be, uh, this is going to be customized according to the way you want your application to function. I'm simply going to copy these two, and I'll come right here, and then in settings.py we're going to create a dictionary containing settings that are specific to our SimpleJWT. So I'll just come right here and say SIMPLE_JWT, and this is going to be a dictionary, so it's going to contain these two settings. Now we're going to have our access token lifetime, and this is going to have a datetime timedelta object, and this has a default of five minutes, but I want to set it to two hours. So I begin by importing our timedelta class. So I'll just come and say from datetime we are going to import our timedelta class, and once you import that, I'm simply going to come right here in our settings and change this from minutes to hours. So we shall have our hours be equal to two hours, and then we shall leave this to days, our one-day timedelta. So in this case we're going to have our refresh token lifetime as one day as well as our access token lifetime as two hours. So our tokens will only exist for two hours, after which they will be expired, and our refresh tokens also exist for one day, after which they will be expired.

So after setting that, we're going to also come right back here and specify that javascript which will be a secret key. So I'm just going to come and copy this and provide it here, so we shall use as the signing key our secret key, to sign these tokens that we create. Once we do that, then also we provide the auth header types. So in this case I'm just going to copy this, and it's going to actually be Bearer. So I'm just going to come and provide it here, so I'll say that it's going to be Bearer, and by this we actually mean that when we pass our authorization header we shall have our Bearer and then the token. So we shall be passing in, we shall be passing our header as Bearer and then the token. So in this case it will be in this form. So this is what we actually mean by the auth header type.

So once we've done this, let us try to actually access the protected endpoints of our application. So to do that, I'll simply come right within our Insomnia right here. So let us try to get all posts. So I'll begin by deleting, I was actually trying this out, so let me delete our, let me actually delete our auth here. So when you try to access this, you now see that authentication credentials are not provided, and you have a status code of 403 Forbidden, which tells us the client has no access rights to the content. All right, so let's try to do this. So I'm just going to come here and provide an authorization header, and this is going to be our Authorization, and within here we are actually going to come and provide our value as Bearer and then our access token. So I'm just going to come here, and then we shall get our access token right here. So I'll just simply come where we get our posts, go to our headers, and then provide our token. So when you try to access this, we now see that our token is not valid, so let's try to actually access a new token. So I'll get our access token for now and then go back where we create a new post, where we get all posts, so this is actually going to be Bearer and then the token. So when I send this, we now see that we can be able to access our items, or our posts. So honestly speaking, this is an easy way for us to carry out our JWT authentication.

Now another thing I'm going to talk about is how we can be able to generate our tokens manually. So Django REST framework SimpleJWT provides for us a mechanism in which you can be able to generate these tokens manually. So the way we're going to do that, I'm going to go to our accounts app. So I'm going to show you the views that we created. So in the previous video we created a view that was responsible for returning our auth token, because we were using token-based authentication. Now in this case we're going to look at how we can return a set of tokens, or a pair of tokens, instead of just returning our user's auth token. So to do that, I'm simply going to come at the top of our code, oh, I'll actually create a new file within our accounts app. So I'm going to call this our tokens.py, and then within our tokens.py I'm going to begin by importing the RefreshToken class, which is responsible for actually generating a token pair. So I'm just going to come and say from rest_framework_simplejwt we are going to import our, so this will be our refresh token, it's actually going to be within the tokens module, and then we shall access the RefreshToken class. So once you have access to the RefreshToken class, I'm also going to need our user model, so I'll just come right here and say from django.contrib.auth, so in this case actually I'll just come and say we're going to import our get_user_model function. So to get our user model we're going to just call our get_user_model function, and once you've called that, I'll just come right here and create a new function. So this is going to be create JWT pair, so it's going to create a JWT pair for user. Now in this case we shall specify that we're going to require a user who is going to be of type User, which is our user class, or our custom user class. Now in this case we shall have to first generate our refresh token. So to do that, we shall just come and say that our refresh is going to be equal to our refresh token, so I'll just come and say RefreshToken dot, in this case we shall call that for_user function, and then here I shall specify that it is going to be our user. So once we have this, then I'm going to generate our tokens, which is going to be a dictionary containing access token. So our access token is actually going to be a string representation of the access token that this refresh token is going to have, so we shall access that via refresh.access_token. And then we are also going to have a refresh token, so I'm just going to come and say that we shall have refresh, and this will be a string representation of our refresh token that's created for that specific user up here. So once we've done that, then all we shall need this function to do is to just return our tokens.

All right, now that you've been able to do this, let's go ahead and apply this in our views.py. So we have this view that allowed us to return an access token for a user, or actually it was an auth token for a user, when you log in. So we're going to be customizing this so that it can actually return for us a pair, the access token as well as the refresh token. Now I begin by importing our function. I'll just come and say from tokens we are going to go ahead and import our create_jwt_pair_for_user function. So once we've done that, I'll just come right here, okay, now login view, and then once we have our user we can just generate our tokens by just coming here and saying that if user is not None, then we shall just come and generate our tokens. So I'll just come and create a tokens variable, and this will be a call to that create_jwt_pair_for_user, which shall need that user to be a user. And once you have our user, we shall return our response; instead of containing just the auth token, we shall create our token pair and then come and specify that this will be our tokens. So once we have this, I'm going to save, and let's go ahead and test this out. So I'll go back to our Insomnia right here, and then on that URL for logging in a user we shall basically send this request. So when I send, "connect to the server", it seems like our server is down. So "no module named tokens", it's actually supposed to be .tokens because it's located within the current directory. So now, save, hoping that our server is running. Yeah, so no errors. So when we try sending this, we now see that instead of returning for us the auth token, we are actually returning our JWT pair.

In this video I've been able to look at JWT authentication using the Django REST framework SimpleJWT plugin. If you've learned from this video, please leave a like, don't forget to subscribe if you're new. Thank you for watching, guys, and I hope to see you in the next framework video. Bye.
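Added example, not code from the video or from the SimpleJWT project: an HS256 access/refresh pair issued and checked with only the Python standard library, using the lifetimes chosen in the transcript (two hours and one day). The claim names `token_type`, `user_id` and `exp` follow SimpleJWT's defaults; the function names, the secret and the user id are constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # assumption: stands in for Django's SECRET_KEY
LIFETIMES = {"access": 2 * 3600, "refresh": 24 * 3600}  # seconds: 2 hours, 1 day

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user_id: int, token_type: str, now: int) -> str:
    # header.payload.signature, each part base64url without padding
    claims = {"token_type": token_type, "user_id": user_id,
              "iat": now, "exp": now + LIFETIMES[token_type]}
    parts = [_b64(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    return ".".join(parts) + "." + _sign(".".join(parts))

def verify(token: str, expected_type: str, now: int) -> dict:
    try:
        head_b64, body_b64, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    expected = _sign(head_b64 + "." + body_b64)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")  # checked before any claim is trusted
    header = json.loads(_unb64(head_b64))
    claims = json.loads(_unb64(body_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if claims.get("token_type") != expected_type:
        raise ValueError("wrong token type")  # a refresh token is not an access token
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def create_pair(user_id: int, now: int) -> dict:
    return {"access": issue(user_id, "access", now),
            "refresh": issue(user_id, "refresh", now)}

def refresh_access(refresh_token: str, now: int) -> str:
    # only a valid, unexpired refresh token yields a new access token
    claims = verify(refresh_token, "refresh", now)
    return issue(claims["user_id"], "access", now)
```

Passing `now` explicitly makes the expiry boundaries reproducible: the access token stops verifying exactly two hours after issue, while the refresh token can still mint a new one until the one-day mark.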
Info
Channel: Ssali Jonathan
Views: 10,090
Keywords: django rest framework, django rest framework jwt authentication, django jwt authentication example, jwt django rest framework, django jwt authentication tutorial, django rest framework jwt, jwt django rest framework tutorial, django, jwt django authentication, django jwt token authentication, django rest framework authentication, jwt django rest, django jwt, jwt authentication, django rest framework tutorial, simplejwt django rest framework
Id: Dc0blFip6B8
Length: 20min 12sec (1212 seconds)
Published: Sat May 28 2022