A JSON Web Token authentication plugin for the Django REST Framework.

  • Looking for maintainers (and Thank You to the community!)

    Hey folks! So Simple JWT has really come a ways in terms of popularity (further than I probably would have imagined). For that, I owe a big "Thank you!" to the community of Django and REST devs that have used and contributed to the project!

    However, for a while now I haven't had a lot of time to devote to addressing issues and feature requests. My professional life dominates my schedule and it also hasn't tended to involve much REST API development in recent years. But the library continues to enjoy widespread use. Contributors request/develop features and identify usability/security issues on a daily basis. I don't have enough time in my personal schedule to serve all of the community's needs! But I want to see the project continue to succeed.

    For that reason, I'm interested in hearing from any devs that wish to become involved in maintaining this project. I'm particularly interested in hearing from devs who have contributed to this project in the past and/or who can demonstrate experience with similar engineering projects. Significant histories of open source contribution are obviously a plus! If you're located in Boulder, CO (which is in the US), that's also a huge plus. We could potentially meet in person to get acquainted.

    Please reply to this issue if you think you match the above criteria! I'm looking forward to hearing from all of you!

    opened by davesque 55
  • Implement Jazzband guidelines for django-rest-framework-simplejwt

    This issue tracks the implementation of the Jazzband guidelines for the project django-rest-framework-simplejwt

    It was initiated by @davesque who was automatically assigned in addition to the Jazzband roadies.

    See the TODO list below for the generally required tasks, but feel free to update it in case the project requires it.

    Feel free to ping a Jazzband roadie if you have any question.

    TODOs

    • [x] Fix all links in the docs (and README file etc) from old to new repo
    • [x] Add the Jazzband badge to the README file
    • [x] Add the Jazzband contributing guideline to the CONTRIBUTING.md or CONTRIBUTING.rst file
    • [x] Port continuous testing to GitHub Actions (away from Circle, see previous migrations in https://github.com/orgs/jazzband/projects/1)
    • [x] Check if test coverage services work (must be Codecov, etc)
    • [x] Add jazzband account to PyPI project as maintainer role (e.g. URL: https://pypi.org/manage/project/django-rest-framework-simplejwt/collaboration/)
    • [x] Add jazzband-bot as maintainer to the Read the Docs project (e.g. URL: https://readthedocs.org/dashboard/django-rest-framework-simplejwt/users/)
    • [x] Add incoming GitHub webhook integration to Read the Docs project (e.g. URL: https://readthedocs.org/dashboard/django-rest-framework-simplejwt/integrations/)
    • [x] Fix project URL in GitHub project description
    • [x] Review project if other services are used and port them to Jazzband
    • [x] Decide who is project lead for the project (if at all) (@davesque and @Andrew-Chen-Wang)
    • [x] Set up CI for Jazzband project releases if needed and open ticket if yes

    Project details

    Description A JSON Web Token authentication plugin for the Django REST Framework.
    Homepage https://django-rest-framework-simplejwt.readthedocs.io/
    Stargazers 2236
    Open issues 81
    Forks 351
    Default branch master
    Is a fork False
    Has Wiki True
    Has Pages False
    enhancement help wanted 
    opened by jazzband-bot 26
  • Example SimpleJWT repositories: Contribute!

    Hi all! Due to the sheer number of requests and urges for #157 to be merged, I have created a template repository with a Django server ready-to-go. To generate a sample repository for SimpleJWT, please press the "Use this template" button so that you don't fork the repository; this way, you can rename the repository to whatever name you want (although please follow naming conventions of the React and Vue.js repos already set up. It'd be great if you could also transfer ownership to the SimpleJWT organization so that everyone knows about it -- i.e. viewable -- and can be maintained by the community).

    The template repository: https://github.com/SimpleJWT/drf-SimpleJWT-server-template

    Currently created repositories:

    • [X] iOS and Android (complete): https://github.com/Andrew-Chen-Wang/mobile-auth-example
    • [ ] Angular (in progress): https://github.com/SimpleJWT/drf-SimpleJWT-Angular
    • [X] React (Complete): https://github.com/SimpleJWT/drf-SimpleJWT-React
    • [X] VueJS (Complete): https://github.com/SimpleJWT/drf-SimpleJWT-Vue

    In the future:

    • React Native
    • Flutter browser
    • Flutter mobile

    There are other frontend frameworks like Angular (JS), Flutter (Dart), Ember (JS), etc. If I didn't create them, it just means I undervalue them (jk). I just don't want to get ahead of myself. If you want to contribute and you're using one of these frameworks, by all means @Andrew-Chen-Wang (i.e. mention me) in this issue, and I will create a repository for you.

    To reiterate, you will need unittest cases. For those who want the #157 merger, at least two frontend frameworks that are used on web browsers must be completed and tested to have the PR to be considered for merger. Not only that, it must use the PR's latest commit (do not use master branch; specify a commit SHA). I cannot stress this enough: security is number one priority. To publish a package with, imo, still a highly insecure PR since there is still no one who has given me a single test repository, SimpleJWT would be doomed in vulnerabilities and CVEs.

    So.... Thanks for contributing Djangonauts!

    enhancement help wanted 
    opened by Andrew-Chen-Wang 22
  • AttributeError: 'str' object has no attribute 'decode'.

    Hey– I'm trying to get this package integrated and I'm getting something odd here when a jwt is being created. Is anyone else running into this issue? I'm on 4.4.0

    AttributeError: 'str' object has no attribute 'decode'.

      File "/.../.venv/lib/python3.7/site-packages/rest_framework_simplejwt/tokens.py", line 226, in for_user
        token=str(token),
      File "/.../.venv/lib/python3.7/site-packages/rest_framework_simplejwt/tokens.py", line 82, in __str__
        return token_backend.encode(self.payload)
      File "/.../.venv/lib/python3.7/site-packages/rest_framework_simplejwt/backends.py", line 43, in encode
        return token.decode('utf-8')
    AttributeError: 'str' object has no attribute 'decode'
    
    bug 
    opened by aaronn 20
  • Why is there a database hit at every request ?

    Hi and thanks in advance,

    I've successfully set up JWT authentication using django-rest-framework-simplejwt and React, but I'm still very confused about the advantages and specifically database hits. I'm using simplejwt with 'ROTATE_REFRESH_TOKENS': True and 'BLACKLIST_AFTER_ROTATION': True. When my access_token expires I ask for a new one through /api/token/refresh and it blacklists old tokens; I'm using axios interceptors to perform that automatically.

    But in my understanding the benefit of JWTs is that they are stateless, meaning I don't have to hit the user database table every time I want to make a request that needs authentication permission. The problem is that even with a simple view like this:

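    from rest_framework import permissions, status
    from rest_framework.response import Response
    from rest_framework.views import APIView


    class IsConnecteddAPI(APIView):

        # Only authenticated requests (valid access token) reach get()
        permission_classes = [permissions.IsAuthenticated]

        def get(self, request, *args, **kwargs):
            data = "You seem to be connected"

            return Response(data, status=status.HTTP_200_OK)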
    

    Using django-silk I see that it still performs 1 query to my user table when my access token is valid. Is that normal? I'm really confused.

    Here are django silk outputs screen1 screen2 screen3 screen4

    Isn't get_user from https://github.com/SimpleJWT/django-rest-framework-simplejwt/blob/master/rest_framework_simplejwt/authentication.py hitting the user object every time?

    I've already asked the question on reddit and SO and they advised me to remove AuthMiddleware, so I removed both 'django.middleware.csrf.CsrfViewMiddleware' and 'django.contrib.auth.middleware.AuthenticationMiddleware' but I still get the same result. Setting permissions_classes to AllowAny doesn't change anything either.

    That's my axios code if needed:

    import axios from "axios";
    
    
    const baseURL = "http://localhost:5000";
    
    const axiosInstance = axios.create({
      baseURL: baseURL,
      timeout: 5000,
      headers: {
        Authorization: localStorage.getItem("accesstoken")
          ? "JWT " + localStorage.getItem("accesstoken")
          : null,
        "Content-Type": "application/json",
        accept: "application/json",
      },
    });
    
    const axioAnonymousInstance = axios.create({
      baseURL: baseURL,
      timeout: 5000,
      headers: {
        "Content-Type": "application/json",
        accept: "application/json",
      },
    });
    
    axiosInstance.interceptors.response.use(
      (response) => {
        return response;
      },
      async function (error) {
        const originalRequest = error.config;
    
        if (typeof error.response === "undefined") {
          alert(
            "A server/network error occurred. " +
              "Looks like CORS might be the problem. " +
              "Sorry about this - we will get it fixed shortly."
          );
          return Promise.reject(error);
        }
    
        if (
          error.response.status === 401 &&
          originalRequest.url === baseURL + "token/refresh/"
        ) {
          window.location.href = "/login/";
          return Promise.reject(error);
        }
    
        if (
          error.response.data.code === "token_not_valid" &&
          error.response.status === 401 &&
          error.response.statusText === "Unauthorized"
        ) {
          const refreshToken = localStorage.getItem("refreshtoken");
    
          if (refreshToken) {
            const tokenParts = JSON.parse(atob(refreshToken.split(".")[1]));
    
            // exp date in token is expressed in seconds, while now() returns milliseconds:
            const now = Math.ceil(Date.now() / 1000);
            console.log(tokenParts.exp);
    
            if (tokenParts.exp > now) {
              return axioAnonymousInstance
                .post("/api/token/refresh/", { refresh: refreshToken })
                .then((response) => {
                  localStorage.setItem("accesstoken", response.data.access);
                  localStorage.setItem("refreshtoken", response.data.refresh);
    
                  axiosInstance.defaults.headers["Authorization"] =
                    "JWT " + response.data.access;
                  originalRequest.headers["Authorization"] =
                    "JWT " + response.data.access;
    
                  return axiosInstance(originalRequest);
                })
                .catch((err) => {
                  // redirect to /login here if wanted
                  console.log("axios Safe Instance error");
                  console.log(err);
                  // window.location.href = "/login/";
                });
            } else {
              console.log("Refresh token is expired", tokenParts.exp, now);
              window.location.href = "/login/";
            }
          } else {
            console.log("Refresh token not available.");
            window.location.href = "/login/";
          }
        }
    
        // specific error handling done elsewhere
        return Promise.reject(error);
      }
    );
    
    export { axiosInstance, axioAnonymousInstance };
    
    

    (I know I shouldn't use localStorage but whatever)

    and I would typically just call this function to make the simple request to the view written above :

     const IsConnected = () => {
        axiosInstance
          .get("/api/is_connected/")
          .then((response) => {
            if (response.status === 200) {
              console.log(response.data);
              console.log("Is connected : CONNECTED ");
            } else {
              console.log("IS connected : not connected");
            }
          })
          .catch((error) => {
            console.log("Is connected : NOT CONNECTED");
            console.log(error);
          });
      };
    
    
    question 
    opened by StitiFatah 18
  • Release new version to PyPI

    Could a new release be pushed to PyPI that includes #186?

    For users using Django 3.0, django-rest-framework-simplejwt currently throws a warning. If running unit tests with -Werror, this causes builds to fail unless the warning is suppressed.

    enhancement 
    opened by johnthagen 18
  • Possible bug: 'str' object has no attribute 'decode' after PyJWT upgrade from 2.0.0a1 to 2.0.0

    Recently the PyJWT package has been updated and is throwing this error when generating a token.

    PyJWT latest version: https://github.com/jpadilla/pyjwt/releases/tag/2.0.0

    The exception is raised in: rest_framework_simplejwt/backends.py in encode at line 43

    just in return token.decode('utf-8') line

    I have solved it by explicitly putting the PyJWT package in my requirements.txt file, just below djangorestframework-simplejwt

    version that introduces the error: PyJWT==2.0.0

    downgraded version to make it work: PyJWT==v1.7.1

    duplicate 
    opened by salazarfelipe 17
  • Usage of authenticate function in TokenObtainSerializer

    class TokenObtainSerializer(serializers.Serializer):
        username_field = User.USERNAME_FIELD
    
        def __init__(self, *args, **kwargs):
            super(TokenObtainSerializer, self).__init__(*args, **kwargs)
    
            self.fields[self.username_field] = serializers.CharField()
            self.fields['password'] = PasswordField()
    
        def validate(self, attrs):
            self.user = authenticate(**{
                self.username_field: attrs[self.username_field],
                'password': attrs['password'],
            })
            if self.user is None or not self.user.is_active:
                raise serializers.ValidationError(
                    _('No active account found with the given credentials'),
                )
    
            return {}
    

    TokenObtainSerializer is using the authenticate function, which makes it impossible to use something other than User.USERNAME_FIELD for authentication.

    Let's say I set username_field to something else than User.USERNAME_FIELD, for example email (and assume User.USERNAME_FIELD equals to username). Is this going to work? authenticate function is going to use User.USERNAME_FIELD = username but serializer has received email field.

    opened by JerzySpendel 16
  • BlackListedToken has no attribute 'objects'

    Hello! Awesome library, keep up the good work!

    I encountered a bug in the latest release which boils down to the following lines https://github.com/jazzband/djangorestframework-simplejwt/blob/4d7c7649813f9eae4bd28ed17da685cd3a61f2fe/rest_framework_simplejwt/serializers.py#L141-L151

      File "/home/user/.cache/pypoetry/virtualenvs/MSWA2ZbW-py3.8/lib/python3.8/site-packages/rest_framework/serializers.py", line 436, in run_validation
        value = self.validate(value)
      File "/home/user/.cache/pypoetry/virtualenvs/MSWA2ZbW-py3.8/lib/python3.8/site-packages/rest_framework_simplejwt/serializers.py", line 150, in validate
        if BlacklistedToken.objects.filter(token__jti=jti).exists():
    AttributeError: type object 'BlacklistedToken' has no attribute 'objects'
    

    I think what's happening here is that since I don't have the blacklisted app in my installed apps as I don't require it, the BlacklistedToken model is being set as abstract=True, and since we aren't specifically checking the presence of the app in the above lines, this error happened.

    bug 
    opened by Kandeel4411 15
  • Has anyone implemented this experimental feature JWTTokenUserAuthentication backend?

    So I've been trying to build a Django project that handles authentication centrally on a standalone basis using django-rest-framework-simplejwt. And other Django Rest Framework projects that use this for authentication. All projects will have their own databases.

    I am not quite sure what goes into the database section in settings.py of both the auth project and other projects. The documentation mentions something about JWTTokenUserAuthentication backend as an experimental feature and is quite inadequate.

    I have done some research and found I may have to use a remote user login or set up a proxy server. Can someone point me in the right direction?

    question 
    opened by Abishek05 14
  • Using a custom User model with SimpleJWT

    Hi, I'm trying to use a custom User model/extension of the default Django auth.User model in my application.

    I created the User and Manager like so:

    import uuid
    
    from django.contrib.auth.base_user import BaseUserManager
    from django.contrib.auth.models import AbstractUser
    from django.db import models
    
    
    class CustomUserManager(BaseUserManager):
        def create_user(self, email, company_name, password=None):
            if not email:
                raise ValueError("User must have an email address.")
            if not company_name:
                raise ValueError("User must have a company name.")
    
            user = self.model(email=self.normalize_email(email),
                              company_name=company_name,
                              )
    
            user.set_password(password)
            user.save(using=self._db)
            return user
    
        def create_superuser(self, email, company_name, password):
            user = self.create_user(email=self.normalize_email(email),
                                    company_name=company_name,
                                    password=password,
                                    )
    
            user.is_admin = True
            user.is_staff = True
            user.is_superuser = True
            user.save(using=self._db)
            return user
    
    
    class CustomUser(AbstractUser):
        id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
        username = None
        email = models.EmailField(verbose_name="email", max_length=60, unique=True)
        company_name = models.CharField(max_length=30)
    
        # The following fields are required for every custom User model
        last_login = models.DateTimeField(verbose_name='last login', auto_now=True)
        date_joined = models.DateTimeField(verbose_name='date joined', auto_now_add=True)
        is_admin = models.BooleanField(default=False)
        is_active = models.BooleanField(default=True)
        is_staff = models.BooleanField(default=False)
        is_superuser = models.BooleanField(default=False)
    
        USERNAME_FIELD = 'email'
        REQUIRED_FIELDS = ['company_name']
    
        objects = CustomUserManager()
    
        def __str__(self):
            return self.email
    
        def has_perm(self, perm, obj=None):
            return self.is_superuser
    
        def has_module_perms(self, app_label):
            return True
    

    but when I create users of this model and try to login into my app with them instead of getting a JWT token like before I get a message stating that there are no active users with those credentials...

    How can I use SimpleJWT with a custom User model?

    Thanks

    question 
    opened by obvionaoe 13
  • Question: Need to create JW tokens, with JS, which are compatible with this library...

    Hi! I need to create a compatible JWT in JavaScript, which is able to authenticate API calls to a Django server using DRF, dj-rest-auth, and djangorestframework-simplejwt. The JWT I'm at the time being able to create with JS isn't capable of being authenticated by the server. What is the minimal payload I have to use in generating the JWT? For example, I've seen I need the user ID (rather than the user email). Any suggestions would be appreciated. Thank you.

    opened by fessacchiotto 0
  • Document token serializer settings

    opened by sevdog 0
  • cannot import some exception from jwt.exceptions

    File "./rest_framework_simplejwt/state.py", line 1, in <module>
        from .backends import TokenBackend
    File "./rest_framework_simplejwt/backends.py", line 7, in <module>
        from jwt import InvalidAlgorithmError, InvalidTokenError, algorithms
    File "./jwt/algorithms.py", line 5, in <module>
       from .exceptions import InvalidKeyError
    ImportError: cannot import name 'InvalidKeyError' from 'jwt.exceptions' (./site-packages/jwt/exceptions.py)
    

    Django==4.1.3, jwt==1.3, pyjwt==2.6.0, djangorestframework-simplejwt==5.2.2. Downgrading to djangorestframework-simplejwt==4.7.2 fixed the problem.

    opened by alirezapla 0
  • Entire refresh token is saved in token_blacklist.OutstandingToken model

    When you use the token_blacklist app to revoke tokens, the app stores the full refresh tokens in plain text in the DB, which seems like a security risk if a DB gets leaked. Even a Django admin can impersonate a user by simply copying their token.

    I'm not sure why this is needed. Can't we use the jti claim to revoke generated tokens? This would require us to decode the token before verifying it to look up the JTI_CLAIM in the BlacklistedToken model objects, but it'd be safer, similar to how django-rest-knox stores hashed tokens to protect against DB leaks.

    I'm new to the library but I can attempt to draft a PR if the idea itself is approved.

    Thanks.

    opened by Aymanf-sherief 0
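
The storage change proposed in the issue above, as an added example (not code from Simple JWT or django-rest-knox): a store that keeps only the jti and a SHA-256 digest of each refresh token and revokes by jti after verifying the signature. The HS256 helpers, the `OutstandingTokenStore` class and the signing key are constructed for illustration; a real project would use PyJWT and Django models.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed demo key (assumption); a real service loads its key from settings.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> bytes:
    return hmac.new(SIGNING_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_refresh_token(user_id: int, lifetime_s: int = 86400) -> str:
    """Issue an HS256 refresh token with a random jti (hypothetical helper)."""
    now = int(time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"token_type": "refresh", "user_id": user_id,
              "jti": uuid.uuid4().hex, "iat": now, "exp": now + lifetime_s}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    return signing_input + "." + b64url_encode(sign(signing_input))


def verify(token: str) -> dict:
    """Return the claims if signature, algorithm and expiry check out."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(signature, sign(head_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("exp", 0) <= time.time() or "jti" not in claims:
        raise ValueError("expired or missing jti")
    return claims


def token_digest(token: str) -> str:
    return hashlib.sha256(token.encode("ascii")).hexdigest()


class OutstandingTokenStore:
    """In-memory stand-in for the outstanding/blacklist tables (hypothetical)."""

    def __init__(self):
        self.rows = {}            # jti -> {"user_id", "exp", "digest"}
        self.blacklisted = set()  # revoked jti values

    def record(self, token: str) -> str:
        claims = verify(token)
        self.rows[claims["jti"]] = {"user_id": claims["user_id"],
                                    "exp": claims["exp"],
                                    "digest": token_digest(token)}
        return claims["jti"]

    def revoke(self, token: str) -> None:
        """Blacklist by jti: the token is decoded and verified, never stored."""
        jti = verify(token)["jti"]
        if jti not in self.rows:
            raise ValueError("token was never issued by this service")
        self.blacklisted.add(jti)

    def is_usable(self, token: str) -> bool:
        try:
            jti = verify(token)["jti"]
        except ValueError:
            return False
        row = self.rows.get(jti)
        if row is None or jti in self.blacklisted:
            return False
        # The digest ties the row to the exact token that was issued.
        return hmac.compare_digest(row["digest"], token_digest(token))

    def leaked_view(self) -> list:
        """What a database dump or an admin list view would expose."""
        return [dict(row, jti=jti) for jti, row in self.rows.items()]


if __name__ == "__main__":
    store = OutstandingTokenStore()
    token = issue_refresh_token(user_id=42)
    store.record(token)
    print("usable before revoke:", store.is_usable(token))
    store.revoke(token)
    print("usable after revoke:", store.is_usable(token))
    print("stored row:", store.leaked_view()[0])
```

A stored row holds the jti, user id, expiry and a one-way digest, so a copied row cannot be presented as a bearer token.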
  • simplejwt error messages are misleading when SIGNING_KEY is unset or default value

    I'm using simplejwt to implement a RP using Auth0 as an IDP, so simplejwt is only used to decode and verify RS256 signed JWTs generated by Auth0. The value of SIGNING_KEY in this configuration should be irrelevant.

    The Django Rest Framework docs describe how the authentication classes behave and their return values. They describe request.auth as:

    The request.auth property is used for any additional authentication information, for example, it may be used to represent an authentication token that the request was signed with. ... The authentication schemes are always defined as a list of classes. REST framework will attempt to authenticate with each class in the list, and will set request.user and request.auth using the return value of the first class that successfully authenticates.

    Developers relying on request.auth for debugging may assume it is safe to call str(request.auth) because it is in copy-pastable form in the django-rest-framework Authentication docs.

    However, rest_framework_simplejwt.authentication.Token.__str__ calls TokenBackend.encode() which assumes SIGNING_KEY is set to a key appropriate for the algorithm configuration. If SIGNING_KEY is unset, the key is derived from SECRET_KEY, which is not compatible with RS256:

    ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=503841036, lib=60, reason=524556, reason_text=b'error:1E08010C:DECODER routines::unsupported')])
    

    Or, if SIGNING_KEY is set to None:

    TypeError: Expecting a PEM-formatted key
    

    In addition to the poor developer experience, this also creates a path for a vulnerability where a naive call to str() could generate signed JWTs when the developer's intention was only to consume them.

    Proposal:

    • If SIGNING_KEY is None, Token.__str__ should raise an exception indicating that simplejwt is configured in verification-only mode.
    • If the token was not created by simplejwt, Token.__str__ should raise an exception indicating that the token is not safe for serialization.
    opened by dcopso 0
Releases(v5.2.2)
  • v5.2.2(Oct 20, 2022)

    Major security release

    • Revert #605 in https://github.com/jazzband/djangorestframework-simplejwt/pull/629
    • Fix typo in blacklist_app.rst by @cbscsm in https://github.com/jazzband/djangorestframework-simplejwt/pull/593
  • v5.2.1(Sep 28, 2022)

    What's Changed

    • Add Swedish translations by @PasinduPrabhashitha in https://github.com/jazzband/djangorestframework-simplejwt/pull/579
    • Fixed issue #543 by @armenak-baburyan in https://github.com/jazzband/djangorestframework-simplejwt/pull/586
    • Fix uncaught exception with JWK by @jerr0328 in https://github.com/jazzband/djangorestframework-simplejwt/pull/600
    • Test on Django 4.1 by @2ykwang in https://github.com/jazzband/djangorestframework-simplejwt/pull/604
    • use non-deprecated UTC timezone by @BSVogler in https://github.com/jazzband/djangorestframework-simplejwt/pull/606
    • Added Romanian translations by @DCDie in https://github.com/jazzband/djangorestframework-simplejwt/pull/591
    • allow verification skipping by @domdinicola in https://github.com/jazzband/djangorestframework-simplejwt/pull/605

    New Contributors

    • @PasinduPrabhashitha made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/579
    • @armenak-baburyan made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/586
    • @jerr0328 made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/600
    • @BSVogler made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/606
    • @DCDie made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/591

    Full Changelog: https://github.com/jazzband/djangorestframework-simplejwt/compare/v5.2.0...v5.2.1

  • v5.2.0(May 24, 2022)

    Version 5.2.0

    • Remove the JWTTokenUserAuthentication from the Experimental Features #546 by @byrpatrick in https://github.com/jazzband/djangorestframework-simplejwt/pull/547
    • Fix leeway type error by @2ykwang in https://github.com/jazzband/djangorestframework-simplejwt/pull/554
    • Add info on TokenBlacklistView to the docs by @inti7ary in https://github.com/jazzband/djangorestframework-simplejwt/pull/558
    • Update JWTStatelessUserAuthentication docs by @2ykwang in https://github.com/jazzband/djangorestframework-simplejwt/pull/561
    • Allow none jti claim token type claim by @denniskeends in https://github.com/jazzband/djangorestframework-simplejwt/pull/567
    • Allow customizing token JSON encoding by @vainu-arto in https://github.com/jazzband/djangorestframework-simplejwt/pull/568
    • update & correct supported versions in docs by @asaah18 in https://github.com/jazzband/djangorestframework-simplejwt/pull/576

    New Contributors

    • @byrpatrick made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/547
    • @inti7ary made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/558
    • @thomasrockhu-codecov made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/559
    • @denniskeends made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/567
    • @asaah18 made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/576

    Full Changelog: https://github.com/jazzband/djangorestframework-simplejwt/compare/v5.1.0...v5.2.0

  • v5.1.0(Mar 1, 2022)

    Version 5.1.0

    • Add back support for PyJWT 1.7.1 (#536)
    • Make the token serializer configurable (#521)
    • Simplify using custom token classes in serializers (#517)
    • Fix default_app_config deprecation (#415)
    • Add missing integration instructions for drf-yasg (#505)
    • Add blacklist view to log out users (#306)
    • Set default verifying key to empty str (#487)
    • Add docs about TOKEN_USER_CLASS (#455)

    Meta:

    • Add auto locale updater (#456)

    Translations:

    • Added Korean translations (#501)
    • Added Turkish translations (#508)
  • v5.0.0(Oct 13, 2021)

    What's Changed

    • Set BLACKLIST_AFTER_ROTATION by default to False by @mohmyo in https://github.com/jazzband/djangorestframework-simplejwt/pull/455
    • Repair generation of OpenAPI with Spectacular by @robrichter in https://github.com/jazzband/djangorestframework-simplejwt/pull/452
    • updated import list by @rajan-blackboxes in https://github.com/jazzband/djangorestframework-simplejwt/pull/459
    • Add blacklist view to log out users by @hodossy in https://github.com/jazzband/djangorestframework-simplejwt/pull/306
    • Add "iat" claim to token by @mizvyt in https://github.com/jazzband/djangorestframework-simplejwt/pull/192
    • Remove verify from jwt.decode() to follow PyJWT v2.2.0. by @dajiaji in https://github.com/jazzband/djangorestframework-simplejwt/pull/472
    • Update CHANGELOG for v4.9.0 (#472) by @felippem in https://github.com/jazzband/djangorestframework-simplejwt/pull/476

    New Contributors

    • @mohmyo made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/455
    • @robrichter made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/452
    • @rajan-blackboxes made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/459
    • @hodossy made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/306
    • @mizvyt made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/192
    • @dajiaji made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/472
    • @felippem made their first contribution in https://github.com/jazzband/djangorestframework-simplejwt/pull/476

    Full Changelog: https://github.com/jazzband/djangorestframework-simplejwt/compare/v4.8.0...v5.0.0

  • v4.8.0(Aug 19, 2021)

    Version 4.8.0

    • Add integration instructions for drf-yasg (#145)
    • Verify Serializer Should Honour Blacklist (#239)
    • Added missing import in getting_started docs (#431)
    • Use import_string for token_backend (#435)
    • Add JWKS support (#437)
    • Use pathlib instead of open in setup.py (#339)
    • Optimize default_user_authentication_rule (#441)
    • Add Leeway option to decode (#445)
  • v4.7.2(Jul 6, 2021)

Owner
Simple JWT
Simple JWT authentication for django rest framework.
Simple JWT
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Jazzband 3.2k Dec 29, 2022
PetitPotam - Coerce NTLM authentication from Windows hosts

Python implementation for PetitPotam

ollypwn 137 Dec 28, 2022
A flask extension for managing permissions and scopes

Flask-Pundit A simple flask extension to organize resource authorization and scoping. This extension is heavily inspired by the ruby Pundit library. I

Anurag Chaudhury 49 Dec 23, 2022
AddressBookApp - Address Book App in Django

AddressBookApp Application Name Address Book App in Django, 2022 Technologies La

Joshua K 1 Aug 18, 2022
API-key based security utilities for FastAPI, focused on simplicity of use

FastAPI simple security API key based security package for FastAPI, focused on simplicity of use: Full functionality out of the box, no configuration

Tolki 154 Jan 03, 2023
A wagtail plugin to replace the login by an OAuth2.0 Authorization Server

Wagtail OAuth2.0 Login Plugin to replace Wagtail default login by an OAuth2.0 Authorization Server. What is wagtail-oauth2 OAuth2.0 is an authorizatio

Gandi 7 Oct 07, 2022
FastAPI-Login tries to provide similar functionality as Flask-Login does.

FastAPI-Login FastAPI-Login tries to provide similar functionality as Flask-Login does. Installation $ pip install fastapi-login Usage To begin we hav

417 Jan 07, 2023
Ready to use and customizable Authentications and Authorisation management for FastAPI ⚡

AuthenticationX 💫 Ready-to-use and customizable Authentications and Oauth2 management for FastAPI ⚡

Yasser Tahiri 408 Jan 05, 2023
Basic auth for Django.

Basic auth for Django.

bichanna 2 Mar 25, 2022
This project is an open-source project which I made due to sharing my experience around the Python programming language.

django-tutorial This project is an open-source project which I made due to sharing my experience around the Django framework. What is Django? Django i

MohammadMasoumi 6 May 12, 2022
It's a Django application to register and authenticate users using phone number.

django-phone-auth It's a Django application to register and authenticate users using phone number. CustomUser model created using AbstractUser class.

MsudD 4 Nov 29, 2022
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Simple JWT 3.3k Jan 01, 2023
Social auth made simple

Python Social Auth Python Social Auth is an easy-to-setup social authentication/registration mechanism with support for several frameworks and auth pr

Matías Aguirre 2.8k Dec 24, 2022
Generate payloads that force authentication against an attacker machine

Hashgrab Generates scf, url & lnk payloads to put onto a smb share. These force authentication to an attacker machine in order to grab hashes (for exa

xct 35 Dec 20, 2022
Spotify User Token Generator Template

Spotify User Token Generator Template Quick Start $ pip3 install -r requirements

Arda Soyer 1 Feb 01, 2022
Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Intility 220 Jan 05, 2023
Ready to use and customizable Authentications and Authorisation management for FastAPI ⚡

AuthenticationX 💫 Ready-to-use and customizable Authentications and Oauth2 management for FastAPI ⚡ Source Code: https://github.com/yezz123/AuthX Doc

Yasser Tahiri 404 Dec 27, 2022
Auth-Starters - Different APIs using Django & Flask & FastAPI to see Authentication Service how its work

Auth-Starters Different APIs using Django & Flask & FastAPI to see Authentication Service how its work, and how to use it. This Repository based on my

Yasser Tahiri 7 Apr 22, 2022
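BlueKing User Management is the enterprise organizational structure and user management solution provided by BlueKing, serving as the authentication source for enterprise unified login.

BlueKing User Management Simplified Chinese | English BlueKing User Management is the enterprise organizational structure and user management solution provided by BlueKing, serving as the authentication source for enterprise unified login. Overview Architecture design Code directory Features Supports multi-level organizational structure management Supports synchronizing data in multiple ways: OpenLDAP, Microsoft Active Directory (MAD)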

腾讯蓝鲸 35 Dec 14, 2022
Auth for use with FastAPI

FastAPI Auth Pluggable auth for use with FastAPI Supports OAuth2 Password Flow Uses JWT access and refresh tokens 100% mypy and test coverage Supports

David Montague 95 Jan 02, 2023