cyzanfar closed 2 years ago
The django-sesame token is designed as an authentication mechanism. Get a token, log the user in.
Then you can do anything you want: if your project uses django.contrib.sessions, logging a user in gives them a session. I'm not familiar with dj_rest_auth, so I don't know what it does when you log a user in.
At this point, you can use any session handling mechanism you like. I would recommend against JWT. The reasons why JWTs aren't good session tokens are widely documented (e.g. here, there).
django-sesame was specifically designed as a more secure alternative to JWT. If you're planning to send a token in every request made by the user, how about just sending the django-sesame token every time? That will achieve the same effect.
Your question is a bit high level so it's hard for me to give a more specific answer here.
Hey!
I am using JWT auth using the dj_rest_auth package and was wondering how that would work in conjunction with Sesame. Can I log in a user with a token in the URL (which Sesame provides), then log in a user and return the JWT token?