在使用Django REST framework想用JWT的人會發現django-rest-framework-jwt已經停止了更新版本,其對新版本的Django REST framework並不支持,在這推薦django-rest-framework-simplejwt支持django2到3版本python3.7到3.9
1.安裝
pip install django-rest-framework-simplejwt
2.配置
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
)
}
2.1 URL配置
from rest_framework_simplejwt.views import (
TokenObtainPairView,
TokenRefreshView,
)
urlpatterns = [
...
# 認證令牌
path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
# 刷新令牌
path('api/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
...
]
如果您希望允許API用戶無需訪問您的簽名密鑰即可驗證HMAC簽名的令牌,還可以包括一個簡單JWT的路由
urlpatterns = [
...
path('api/token/verify/', TokenVerifyView.as_view(), name='token_verify'),
...
]
2.2用postman測試
3. 設置自定義返回值
在app的 views中創建
from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
from rest_framework_simplejwt.views import TokenObtainPairView
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
def validate(self, attrs):
data = super().validate(attrs)
refresh = self.get_token(self.user)
data['refresh'] = str(refresh)
data['access'] = str(refresh.access_token)
# Add extra responses here
data['username'] = self.user.username
data['groups'] = self.user.groups.values_list('name', flat=True)
return data
class MyTokenObtainPairView(TokenObtainPairView):
serializer_class = MyTokenObtainPairSerializer
在url中配置
from .views import MyTokenObtainPairView
urlpatterns = [
path(r'login2/', MyTokenObtainPairView.as_view()),
]
