https://jpadilla.github.io/django-rest-framework-jwt/
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity of the claims contained within it, while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.
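JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for passing claims between network application environments. The token is designed to be compact and secure, and is particularly suited to single sign-on (SSO) scenarios across distributed sites. JWT claims are generally used to pass authenticated user identity information between an identity provider and a service provider so that resources can be obtained from a resource server. Additional claims required by other business logic can also be added. The token can be used directly for authentication, and it can also be encrypted.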
local pyjwt test
# pip install pyjwt
import jwt
encoded_jwt = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256')
decoded_jwt = jwt.decode(encoded_jwt, 'secret', algorithms=['HS256'])
print(encoded_jwt)
print(decoded_jwt)
b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkfiJ9.Pm0vaMVKxSFn4T8iNWiqqH5ZJ42yRgwfr86zuak1A4g'
{'hello': 'world~'}
djangorestframework-jwt
pip install djangorestframework-jwt
# ------------------------------------------------------------ #
# settings.py DRF+JWT
# ------------------------------------------------------------ #
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ),
}
import datetime
JWT_AUTH = {
    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
    'JWT_AUTH_HEADER_PREFIX': 'Bearer',
    'JWT_PAYLOAD_HANDLER':
        'rest_framework_jwt.utils.jwt_payload_handler',
    'JWT_ALLOW_REFRESH': True,
}
# ------------------------------------------------------------ #
# urls.py path
# ------------------------------------------------------------ #
from django.contrib import admin
from django.urls import path
from rest_framework_jwt.views import (
    obtain_jwt_token,
    verify_jwt_token,
    refresh_jwt_token
)
urlpatterns = [
    path('admin/', admin.site.urls),
    path('login', obtain_jwt_token, name='login'),
    path('verify', verify_jwt_token, name='verify'),
    path('refresh', refresh_jwt_token, name='refresh'),
]
curl -X POST -d "username=readme&password=2" http://127.0.0.1:8000/login
still pending
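Original content statement: This article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.
In case of infringement, contact cloudcommunity@tencent.com for removal.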