When I sent a request to the logout endpoint, I noticed that the JWT cookies were unset, but the refresh token wasn't blacklisted because I didn't include the refresh token in the request data. However, I don't have access to the JWT cookies because they're HTTP-only, and dj-rest-auth doesn't try to get the refresh token from cookies.
```python
...
unset_jwt_cookies(response)

if 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
    # add refresh token to blacklist
    try:
        token = RefreshToken(request.data['refresh'])
        token.blacklist()
    except KeyError:
        response.data = {'detail': _('Refresh token was not included in request data.')}
        response.status_code = status.HTTP_401_UNAUTHORIZED
...
```
What if I try to customize the view?
Update:
I tried to make my own logout view:
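```python
from django.conf import settings
from django.utils.translation import gettext_lazy as _
from rest_framework import status
from rest_framework.response import Response
from rest_framework_simplejwt.tokens import RefreshToken

from dj_rest_auth.jwt_auth import unset_jwt_cookies
# Assumed origin of the BaseLogoutView alias: dj-rest-auth's own LogoutView.
from dj_rest_auth.views import LogoutView as BaseLogoutView


class LogoutView(BaseLogoutView):
    def logout(self, request):
        # if getattr(settings, "REST_SESSION_LOGIN", True):
        #     django_logout(request)
        response = Response(
            {"detail": _("Successfully logged out.")},
            status=status.HTTP_200_OK,
        )

        cookie_name = getattr(settings, "JWT_AUTH_REFRESH_COOKIE", None)
        # Clear the JWT cookies on the response.
        unset_jwt_cookies(response)

        # Blacklist the refresh token read from the HTTP-only cookie.
        if cookie_name and cookie_name in request.COOKIES:
            token = RefreshToken(request.COOKIES.get(cookie_name))
            token.blacklist()
        return response
```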
Is it good enough? If I have mistakes, please tell me!
I tested it. It works: logout succeeds and the refresh token was blacklisted (I checked in the admin panel).
In settings.py file: