The latest articles on DEV Community by Muhammad Asif (@asifuddin). https://dev.to/asifuddin https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F560953%2Fe1cd9a86-4c51-40ee-b363-f2f68b0772d6.png https://dev.to/asifuddin en Muhammad Asif Tue, 19 Sep 2023 05:15:27 +0000 https://dev.to/asifuddin/setting-up-jwt-authentication-in-django-rest-framework-4ocd https://dev.to/asifuddin/setting-up-jwt-authentication-in-django-rest-framework-4ocd <p>In this Post, we'll discuss how to set up JSON Web Token (JWT) authentication in Django REST Framework using the <code>rest_framework_simplejwt</code> package. JWT authentication is a secure and popular method for authenticating users in web applications.</p> <h2> Prerequisites </h2> <p>Before implementing JWT authentication, ensure you have the following installed and configured:</p> <ul> <li>Django</li> <li>Django REST Framework</li> <li><code>rest_framework_simplejwt</code></li> </ul> <h2> Configuration </h2> <ol> <li><strong>Install Dependencies</strong></li> </ol> <p>Make sure you have <code>rest_framework</code> and <code>rest_framework_jwt</code> installed. If not, you can install them using pip:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="n">pip</span> <span class="n">install</span> <span class="n">djangorestframework</span> <span class="n">pip</span> <span class="n">install</span> <span class="n">djangorestframework</span><span class="o">-</span><span class="n">jwt</span> </code></pre> </div> <ol> <li><strong>Django Settings Configuration</strong></li> </ol> <p>In your Django project's settings (<code>settings.py</code>), configure the REST framework with JWT authentication by adding the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="n">REST_FRAMEWORK</span> <span class="o">=</span> <span class="p">{</span> <span class="s">"NON_FIELD_ERRORS_KEY"</span><span class="p">:</span> <span class="s">"errors"</span><span class="p">,</span> <span class="s">"DEFAULT_AUTHENTICATION_CLASSES"</span><span class="p">:</span> <span class="p">(</span> <span class="s">'rest_framework.authentication.BasicAuthentication'</span><span class="p">,</span> <span class="s">'rest_framework_simplejwt.authentication.JWTAuthentication'</span><span class="p">,</span> <span class="p">),</span> <span class="p">}</span> </code></pre> </div> <p>This code snippet tells Django REST Framework to use JWT authentication as the default authentication mechanism.</p> <ol> <li><strong>URL Configuration</strong></li> </ol> <p>In your <code>urls.py</code> file, set up the endpoints for token management:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">from</span> <span class="nn">rest_framework_simplejwt.views</span> <span class="kn">import</span> <span class="n">TokenObtainPairView</span><span class="p">,</span> <span class="n">TokenRefreshView</span><span class="p">,</span> <span class="n">TokenVerifyView</span> <span class="n">urlpatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="n">path</span><span class="p">(</span><span class="s">'gettoken/'</span><span class="p">,</span> <span class="n">TokenObtainPairView</span><span class="p">.</span><span class="n">as_view</span><span class="p">(),</span> <span class="n">name</span><span class="o">=</span><span class="s">"get_token"</span><span class="p">),</span> <span class="n">path</span><span class="p">(</span><span class="s">'refreshtoken/'</span><span class="p">,</span> <span class="n">TokenRefreshView</span><span class="p">.</span><span class="n">as_view</span><span class="p">(),</span> <span class="n">name</span><span class="o">=</span><span class="s">"refresh_token"</span><span class="p">),</span> <span class="n">path</span><span class="p">(</span><span class="s">'verifytoken/'</span><span class="p">,</span> <span class="n">TokenVerifyView</span><span class="p">.</span><span class="n">as_view</span><span class="p">(),</span> <span class="n">name</span><span class="o">=</span><span class="s">"verify_token"</span><span class="p">),</span> <span class="p">]</span> </code></pre> </div> <p>These endpoints will be used to obtain, refresh, and verify JWT tokens.</p> <ol> <li><strong>Authentication Logic</strong></li> </ol> <p>In your authentication logic, such as a login view, you can generate and return JWT tokens upon successful user authentication. Here's a sample code snippet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">from</span> <span class="nn">rest_framework_simplejwt.tokens</span> <span class="kn">import</span> <span class="n">RefreshToken</span> <span class="kn">from</span> <span class="nn">django.contrib.auth</span> <span class="kn">import</span> <span class="n">login</span> <span class="k">as</span> <span class="n">dj_login</span> <span class="k">if</span> <span class="n">user</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">dj_login</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">user</span><span class="p">)</span> <span class="n">refresh</span> <span class="o">=</span> <span class="n">RefreshToken</span><span class="p">.</span><span class="n">for_user</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">serializer</span> <span class="o">=</span> <span class="n">AccountSerializer</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">return</span> <span class="n">Response</span><span class="p">({</span> <span class="s">"access_token"</span><span class="p">:</span> <span class="nb">str</span><span class="p">(</span><span class="n">refresh</span><span class="p">.</span><span class="n">access_token</span><span class="p">),</span> <span class="s">"refresh_token"</span><span class="p">:</span> <span class="nb">str</span><span class="p">(</span><span class="n">refresh</span><span class="p">),</span> <span class="s">'data'</span><span class="p">:</span> <span class="n">serializer</span><span class="p">.</span><span class="n">data</span> <span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_200_OK</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="n">Response</span><span class="p">({</span><span class="s">'error'</span><span class="p">:</span> <span class="s">'Invalid credentials'</span><span class="p">},</span> <span class="n">status</span><span class="o">=</span><span class="mi">400</span><span class="p">)</span> </code></pre> </div> <p>This code logs in the user, generates a new access token and refresh token, and returns them in the response along with user data upon successful authentication. If authentication fails, it returns an error message.</p> <p>5.<strong>JavaScript Code Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">jwtToken</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">YOUR_JWT_TOKEN</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Replace with your actual JWT token</span> <span class="kd">const</span> <span class="nx">apiUrl</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">http://your_domain/verifytoken/</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Replace with your verification endpoint URL</span> <span class="c1">// Function to verify the JWT token</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">verifyToken</span><span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">fetch</span><span class="p">(</span><span class="nx">apiUrl</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="k">if</span> <span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">200</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Token is valid</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Token verification failed</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">An error occurred during token verification:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Call the verifyToken function with your JWT token</span> <span class="nx">verifyToken</span><span class="p">(</span><span class="nx">jwtToken</span><span class="p">);</span> </code></pre> </div> <p>Replace <code>"YOUR_JWT_TOKEN"</code> with the actual JWT token you want to verify, and <code>"http://your_domain/verifytoken/"</code> with the URL of your Django verification endpoint.</p> django api python djangorestframework