Open shinneider opened 5 years ago
I am still working on this issue. Wait a little longer.
@shinneider did you find a solution for this issue?
@struegamer I'm sorry for answering so late, a lot has happened since then.
But I didn't find the solution, because after applying the suggested changes, all tokens are not verified, and it accepts expired tokens (what the hell). But in my organization we are using a simple API gateway that I developed, and user auth through the header.
See an example in one of my repositories:
https://github.com/shinneider/infoglobo-challenge
Note: it is still under development and an unfinished version, but it may have a starting point.
@shinneider You can just use the JWT package instead of using this one. Take a look at authentication.py and backend.py for more info. I believe this repo is more for DRF + Authentication, so to not have a model for users is peculiar. Are you saying you have a database with all users for several services? Is it that you have one project with sharded dbs?
I use Django for a microservices architecture; in this case I have an API Gateway to control the auth users.
In each microservice I need the user id only, to filter and return data. Validation of the JWT and a user model are not necessary, but I cannot remove django.contrib.auth and django.contrib.contenttypes, because it raises an exception...
My settings.py:
I have investigated and suggest these changes:
state.py
authentication.py
model.py
I'm testing it and I will give my opinion this week if everything is OK. If all is OK, I will open a branch and submit a PR.
For the future I suggest an option to add groups and permissions in the claims of the JWT (it is also great for front-end permission systems).