jpadilla / django-rest-framework-jwt

JSON Web Token Authentication support for Django REST Framework
http://jpadilla.github.io/django-rest-framework-jwt/
MIT License

DRF JWT without a UserModel #349

Closed uber1geek closed 6 years ago

uber1geek commented 7 years ago

I am getting an error when I try to refresh the token or verify it on the endpoint.

 curl -X POST -H "Content-Type: application/json" -d '{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmlnX2lhdCI6MTUwMDI5OTUyNCwidXNlcl9pZCI6IlMxNjQxNzMiLCJleHAiOjE1MDAzODU5MjR9.mTNn44Xm9lBp1v8WkUrkp3kdYSCsOrqHACa7fVq2qi8"}' http://localhost:8000/api-token-verify/
 {"non_field_errors":["Invalid payload."]}%

I did a print of my payload and here is what I get

{'orig_iat': 1500299524, 'user_id': u'S164173', 'exp': 1500385924}
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmlnX2lhdCI6MTUwMDI5OTUyNCwidXNlcl9pZCI6IlMxNjQxNzMiLCJleHAiOjE1MDAzODU5MjR9.mTNn44Xm9lBp1v8WkUrkp3kdYSCsOrqHACa7fVq2qi8

I am not using Django's default auth mechanism. My auth works like this: I pass in a user id to my API endpoint, it verifies it against an external db, and then sends an OTP to the client. After the verification of the OTP, I will return the JWT token to authenticate with other API endpoints.

payload = jwt_payload_handler(client_id)
token = jwt_encode_handler(payload)

if (result[0] == otp):
    payload = jwt_payload_handler(client_id)
    access_token = jwt_encode_handler(payload)
    print(payload)
    print(access_token)
    return Response({'message': 'Partner Verified',
                     'access_token': access_token},
                    status=status.HTTP_200_OK)

Here is the custom function I implemented based on what was suggested over here: https://github.com/GetBlimp/django-rest-framework-jwt/issues/145

from datetime import datetime
from calendar import timegm
from rest_framework_jwt.settings import api_settings

def jwt_payload_handler(client_id):
    """ Custom payload handler
    Token encrypts the dictionary returned by this function, and can be decoded by rest_framework_jwt.utils.jwt_decode_handler
    """
    return {
        'user_id': client_id,
        'exp': datetime.utcnow() + api_settings.JWT_EXPIRATION_DELTA,
        'orig_iat': timegm(
            datetime.utcnow().utctimetuple()
        )
    }

def jwt_response_payload_handler(token, user=None, request=None):
    """ Custom response payload handler.

    This function controls the custom payload after login or token refresh. This data is returned through the web API.
    """
    return {
        'token': token
    }

Can someone please point out what is happening here and what I can do to make it work? How can I override the default authentication so that it works without the user model in place and it validates against (say, a client_id which exists in my external remote database)?
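Added example (not the poster's code and not part of django-rest-framework-jwt): verifying an HS256 token keyed on the `user_id` claim with no Django user model, using only the Python standard library, plus a decode of the payload segment of the token posted above. `DEMO_SECRET`, `DEMO_CLIENTS`, `issue_token`, `verify_client_token`, `page_claims` and the `client_exists` callback (standing in for the external database lookup) are assumptions made for this example.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not from the post).
DEMO_SECRET = b"constructed-demo-secret"
DEMO_CLIENTS = {"S164173"}  # stands in for the external client database
# Payload segment of the token posted above.
PAGE_PAYLOAD_SEGMENT = ("eyJvcmlnX2lhdCI6MTUwMDI5OTUyNCwidXNlcl9pZCI6"
                        "IlMxNjQxNzMiLCJleHAiOjE1MDAzODU5MjR9")

def b64d(seg):
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def page_claims():
    """Claims carried by the posted token (decoded without verification)."""
    return json.loads(b64d(PAGE_PAYLOAD_SEGMENT))

def issue_token(client_id, secret, lifetime=3600, now=None):
    """Mint an HS256 token with the claim names used by the post's payload handler."""
    now = int(time.time() if now is None else now)
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"user_id": client_id, "exp": now + lifetime, "orig_iat": now}
    signing_input = head + "." + b64e(json.dumps(claims).encode())
    return signing_input + "." + b64e(_mac(signing_input, secret))

def verify_client_token(token, secret, client_exists, now=None):
    """Return the client id of a valid token; raise ValueError otherwise."""
    try:
        head, body, sig = token.split(".")
        header, claims, mac = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
    except (ValueError, AttributeError):
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # pin alg, never trust the header
    if not hmac.compare_digest(mac, _mac(head + "." + body, secret)):
        raise ValueError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    client_id = claims.get("user_id")
    if not isinstance(client_id, str) or not client_exists(client_id):
        raise ValueError("unknown client")
    return client_id
```

The decoded payload has `user_id`, `exp` and `orig_iat` but no `username` claim, which is the claim the library's default `jwt_get_username_from_payload_handler` reads. In a DRF project the same checks would sit inside a custom authentication class rather than a free function.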

ebotean commented 6 years ago

@uber1geek did you manage to solve this?

uber1geek commented 6 years ago

Yes I solved this. Thanks

Aameer commented 5 years ago

@uber1geek could you please share some code explaining what was going wrong. I have a similar use case so it might help. Thanks