Easy REST Authorization:Django JSON Web Token

JSON Web Token better known as JWT is a JavaScript based system to provide encryption and authorization for any Web App using JavaScript or any of its Frameworks like NodeJS.

110% Complete JWT Authentication with Django & React - 2020 ...
(Image: https://hackernoon.com/drafts/1gn2er5.png)

The following article explains how JWT works along with a basic tutorial explaining its integration with Django Rest Framework.

How JWT works?

JWT is a way of authorization using Username, Password and two tokens, Access and Refresh with Access token with a short life time, while Refresh token with a lifetime of about a day, as it is used to generate new Access token when the current access token expires.

The token is made of 3 parts:-

  1. Header
  2. Payload
  3. Signature

Which is encoded using Base64.

Basic Installation and Setup Introduction

Install simplejwt dependency onto your system

pip install djangorestframework_simplejwt

Go to the provided GitHub ink to download the base project

https://github.com/FalseG0d/JWTTutorial/tree/master

Now fix the settings.py file of the project to allow the use of token

REST_FRAMEWORK={
    'DEFAULT_PERMISSION_CLASSES':('rest_framework.permissions.IsAuthenticated',),
    'DEFAULT_AUTHENTICATION_CLASSES':('rest_framework_simplejwt.authentication.JWTAuthentication',)
}

In the urls.py file pf the main project import 2 new dependencies and 2 more paths in the urlpatterns which are as follow

from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
path('api/token',TokenObtainPairView.as_view()),
path('api/token/refresh',TokenRefreshView.as_view()),

With this you are good to go.

Usage and Trial

Open postman and under the POST request go to the following link.

http://127.0.0.1:<PORT_NO>/api/token

Also under the x-www-form-urlencoded of the body tag write the username and password of your choosing or use the default ones as.

KeyValue
usernameApoorv
passwordpassword
Default Key Values

Now create a new Tab on Postman as GET and enter the following URL

http://127.0.0.1:<PORT_NO>/department

Then under the authorization tab and select the bearer token and paste the access token that we received from the previous POST request. And send the request to view the data from the database.

The same method can be repeated to achieve all the CRUD operations using this authorization token.

Leave a Reply

Your email address will not be published. Required fields are marked *