jazzband / djangorestframework-simplejwt

A JSON Web Token authentication plugin for the Django REST Framework.
https://django-rest-framework-simplejwt.readthedocs.io/
MIT License

Auth0 and djangorestframework-simplejwt #582

Open MariusVinaschi opened 2 years ago

MariusVinaschi commented 2 years ago

Hi,

I would like to thank you for this very helpful project!

I have used this one to make the authentication between my Frontend in Vuejs and my API.

Now, I would like to add Auth0 to be able to use SSO. I would like to know if it's possible to do that with djangorestframework-simplejwt? (I think so because I have seen several PRs which speak about that.)

Do you have some tutorials or indications to integrate djangorestframework-simplejwt with Auth0?

Thank you for your answers! Have a good day, Marius

Andrew-Chen-Wang commented 2 years ago

No, we don't have a tutorial. Though, I think Auth0 made a tutorial with djangorestframework-jwt which could be translated here.

brunocascio commented 2 years ago

@MariusVinaschi did you accomplish this?

enviroQL commented 1 year ago

@Andrew-Chen-Wang Auth0 is using drf-jwt instead on their page, which seems easy to configure and get working. But the package is going out of maintenance, and the settings of djangorestframework-simplejwt do not seem to work with Auth0 directly. All I can find is to set jwk_url, which wasn't enough. It probably needs some other tweaks to get it to work. An example/tutorial would definitely help!

anichols-bto commented 9 months ago

Hello! I was able to get this to work in my DRF project for my Auth0 JWTs with the following settings:

SIMPLE_JWT = {
    # ISSUER, AUDIENCE, ALGORITHM not shown
    "USER_ID_CLAIM": "sub",  # The claim made in the incoming token
    "USER_ID_FIELD": "{{ database_field_on_user }}",  # The database field on the user model that is not expected to change
    "JWK_URL": "https://{{ domain }}/.well-known/jwks.json",
    # By setting these configs to None, simple_jwt seems to work with drf as expected (user authentication)
    "JTI_CLAIM": None,  # jti = JWT ID, setting to None is the same as "do not check for JWT uniqueness"?
    "TOKEN_TYPE_CLAIM": None,  # Auth0 JWTs do not seem to have a type field?
}

I found these by setting a breakpoint in the AccessToken class and figuring out where I was failing along the way.

I don't know if these are even good settings for going to prod, but they unblock me while I develop my project.
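
An added example, not from the thread or from the project: a pre-flight check that lists where a token's header and claims disagree with a `SIMPLE_JWT` dict, which is the comparison the last comment made with a breakpoint. `preflight`, the sample token and its `tenant.example` values are constructed here; the `DEFAULTS` table assumes simplejwt's documented defaults, and the signature is never verified, so this is a diagnostic only.

```python
import base64
import json

# Assumed simplejwt defaults for the settings this check reads.
DEFAULTS = {"ALGORITHM": "HS256", "ISSUER": None, "AUDIENCE": None,
            "USER_ID_CLAIM": "user_id", "JTI_CLAIM": "jti",
            "TOKEN_TYPE_CLAIM": "token_type"}

def _segment(seg):
    """Decode one base64url JWT segment into a dict."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def preflight(token, simple_jwt):
    """List mismatches between a token and SIMPLE_JWT (signature NOT verified)."""
    cfg = {**DEFAULTS, **simple_jwt}
    head, body, _sig = token.split(".")
    header, claims = _segment(head), _segment(body)
    findings = []
    if header.get("alg") != cfg["ALGORITHM"]:
        findings.append(f"alg: token uses {header.get('alg')}, ALGORITHM is {cfg['ALGORITHM']}")
    for key, claim in (("ISSUER", "iss"), ("AUDIENCE", "aud")):
        if cfg[key] is None:
            # A None value switches the corresponding check off entirely.
            findings.append(f"{key} is None: '{claim}' will not be checked")
            continue
        got = claims.get(claim)
        got = got if isinstance(got, list) else [got]  # 'aud' may be a string or a list
        if cfg[key] not in got:
            findings.append(f"{claim}: token has {claims.get(claim)}, {key} is {cfg[key]}")
    for key in ("USER_ID_CLAIM", "JTI_CLAIM", "TOKEN_TYPE_CLAIM"):
        name = cfg[key]
        if name is not None and name not in claims:
            findings.append(f"{key}: claim '{name}' is absent from the token")
    return findings

def _make(header, claims):
    """Build an unsigned, constructed sample token for the demo."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

# Constructed sample shaped like the token the thread describes: no jti, no token_type.
SAMPLE = _make({"alg": "RS256", "kid": "constructed"},
               {"iss": "https://tenant.example/", "sub": "auth0|123",
                "aud": ["https://api.example", "https://tenant.example/userinfo"]})

if __name__ == "__main__":
    for line in preflight(SAMPLE, {"ALGORITHM": "RS256", "USER_ID_CLAIM": "sub"}):
        print(line)
```

An empty result only means the claims line up with the settings; an `ISSUER is None` or `AUDIENCE is None` finding means tokens from another issuer or meant for another API would pass that check once their signature verifies.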