The "djangorestframework-jwt" stop being maintained

[winrey]

Background

The JWT dependence "djangorestframework-jwt" stop being maintained with obvious BUGS of token refreshing (both here) remaining.

In fact, although there is a fixing PR long long times ago, it seems that it won't be merged.

With the trust for an 1.7k stars open-source project, I think that it's bad to have bug in it.

Suggestions

There is three suggestions can solve this:

1. Switch to another jwt support dependence

django-rest-framework-simplejwt is a recommended choice.

2. Take over the django-rest-framework-jwt repository

3. Add a polyfill and remind everyone for the issue

A polyfill project is here

[SylvainMartel]

what about this fork of django-rest-framework-jwt. Drop-in replacement and accepting PR

[winrey]

what about this fork of django-rest-framework-jwt. Drop-in replacement and accepting PR

Good idea, I'm going to test about this.

[winrey]

OMG, I even cannot pass the test of THIS project Tivix/django-rest-auth on master without any changes.

(venv) PS D:\projects\personal\test-django-rest-auth> py .\runtests.py
Creating test database for alias 'default'...
Destroying test database for alias 'default'...
Traceback (most recent call last):
  File ".\runtests.py", line 24, in <module>
    runtests()
  File ".\runtests.py", line 20, in runtests
    failures = test_runner.run_tests(['rest_auth'])
  File "D:\projects\personal\test-django-rest-auth\venv\lib\site-packages\django\test\runner.py", line 632, in run_tests
    self.run_checks()
  File "D:\projects\personal\test-django-rest-auth\venv\lib\site-packages\django\test\runner.py", line 570, in run_checks
    call_command('check', verbosity=self.verbosity)
  File "D:\projects\personal\test-django-rest-auth\venv\lib\site-packages\django\core\management\__init__.py", line 148, in call_command
    return command.execute(*args, **defaults)
  File "D:\projects\personal\test-django-rest-auth\venv\lib\site-packages\django\core\management\base.py", line 364, in execute
    output = self.handle(*args, **options)
  File "D:\projects\personal\test-django-rest-auth\venv\lib\site-packages\django\core\management\commands\check.py", line 64, in handle
    fail_level=getattr(checks, options['fail_level']),
  File "D:\projects\personal\test-django-rest-auth\venv\lib\site-packages\django\core\management\base.py", line 436, in check
    raise SystemCheckError(msg)
django.core.management.base.SystemCheckError: SystemCheckError: System check identified some issues:

ERRORS:
?: (admin.E406) 'django.contrib.messages' must be in INSTALLED_APPS in order to use the admin application.

System check identified 1 issue (0 silenced).

So, what's the latest version of the dependencies supported? Emmmmmm, is there any maintainer here for this project currently?

---

It's Django-2.0.

[winrey]

what about this fork of django-rest-framework-jwt. Drop-in replacement and accepting PR

Good idea, I'm going to test about this.

Test passed but maybe the tests itselves need to support newer version the django.

[onekiloparsec]

An alternative fork using django-rest-framework-simplejwt (whose API look cleaner to me).

[SylvainMartel]

I did some testing with Tivix/django-rest-auth and ran into some breaking changes(like the creation of token manually), so it's not a drop-in like I thought it was.

[onekiloparsec]

Hm, bad news. Overall, the current situation is a mess, IMHO. Having to use allauth, rest-auth, and a third lib for JWT is error-prone and hard to maintain on the long run, don't you think ?

[GitRon]

Any update on this topic?

[colin-byrne-1]

@GitRon don't use this repo... it is no longer maintained (just not properly labeled as such). the package jazzband/dj-rest-auth is a fork of this issue and pairs natively with the simplejwt package, and fixes a number of other issues.