iMerica / dj-rest-auth

Authentication for Django Rest Framework
https://dj-rest-auth.readthedocs.io/en/latest/index.html
MIT License

How to remove the access token from the response payload? #589

Open afoalb opened 8 months ago

afoalb commented 8 months ago

My REST_AUTH config

REST_AUTH = {
    'PASSWORD_RESET_USE_SITES_DOMAIN': False,
    'OLD_PASSWORD_FIELD_ENABLED': False,
    'LOGOUT_ON_PASSWORD_CHANGE': False,
    'SESSION_LOGIN': True,
    'USE_JWT': True,

    'JWT_AUTH_COOKIE': 'JWTAccess',
    'JWT_AUTH_REFRESH_COOKIE': 'JWTRefresh',
    'JWT_AUTH_REFRESH_COOKIE_PATH': '/',
    'JWT_AUTH_SECURE': False,
    'JWT_AUTH_HTTPONLY': True,
    'JWT_AUTH_SAMESITE': 'Lax',
    'JWT_AUTH_RETURN_EXPIRATION': False,
    'JWT_AUTH_COOKIE_USE_CSRF': False,
    'JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED': False,

}

Background

  1. I send the request: /dj-rest-auth/login/ (POST) with valid data.
  2. dj-rest-auth returns the following body in the response:
{
    "access": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVC3J9.eyJ0b2tlbl90eXBlIjoiYWNjZX3NzIiwiZXhwIjoxNzA3MTUxNTQzLCJpYXQiOjE3MDcxdE0ODMsImp0aSI6IjRkZDliYTVjYz4TQzOTY4NWJmZTQyODBiOd7E4NjZhIiwidXNlcl9pZCI6M30.HHpFrYegTtvyyVKcCaXG4jYWgAgDz1hWAEWx6rtqY4M",
    "refresh": "",
    "user": {
        "pk": 3,
        "email": "abc@abc.com",
        "first_name": "",
        "last_name": ""
    }
}

How can I make dj-rest-auth not return the access token in the response payload?
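
An added example, not part of the original post and not dj-rest-auth code: a check that flags a login response whose JSON body repeats a token that is also set as an HttpOnly cookie, which is the situation shown above. The function names, the sample token and the sample headers are constructed for illustration; the inputs are assumed to be the raw `Set-Cookie` header strings and the body text captured from the login endpoint.

```python
import base64
import json
from http.cookies import SimpleCookie

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not a real credential); the cookie name follows the config above.
SAMPLE_TOKEN = ".".join([_b64({"alg": "HS256", "typ": "JWT"}), _b64({"user_id": 3}), "constructed-sig"])
SAMPLE_COOKIES = [f"JWTAccess={SAMPLE_TOKEN}; HttpOnly; Path=/; SameSite=Lax"]
SAMPLE_BODY = json.dumps({"access": SAMPLE_TOKEN, "refresh": "", "user": {"pk": 3}})

def looks_like_jwt(value):
    """True for a three-segment string whose first segment decodes to a JSON header with 'alg'."""
    if not isinstance(value, str) or value.count(".") != 2:
        return False
    header = value.split(".")[0]
    try:
        decoded = json.loads(base64.urlsafe_b64decode(header + "=" * (-len(header) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    return isinstance(decoded, dict) and "alg" in decoded

def find_tokens(node, path=""):
    """Yield (json_path, value) for every JWT-shaped string in a decoded JSON body."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from find_tokens(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from find_tokens(val, f"{path}[{i}]")
    elif looks_like_jwt(node):
        yield path, node

def audit_login_response(set_cookie_headers, body_text):
    """Return JSON paths whose token is also delivered in an HttpOnly cookie."""
    httponly_values = set()
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        httponly_values.update(m.value for m in jar.values() if m["httponly"])
    return [p for p, tok in find_tokens(json.loads(body_text)) if tok in httponly_values]

if __name__ == "__main__":
    print(audit_login_response(SAMPLE_COOKIES, SAMPLE_BODY))
```

An empty list means no HttpOnly-protected token is also readable from the response body; run as a regression test, it fails whenever the login payload starts exposing the token to page scripts again.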