Closed Ptosiek closed 7 years ago
I really don't know whats the best way to do this but i think that we could think about it all this week and get a real fix to this from now to Friday or Saturday if you want to.
Unrelated answer: RemoteUserBackend is used to allow users external to Django to authenticate against a Django app, i think that is a good practice but @Snake575 included that backend recently so probably he can give us a more appropriate answer.
Thanks for contribute and don't forget to star and share this project :)
I'm in. Actually, I made some changes, notably to address #17, so we can talk about it too.
Hi!
Circular imports:
I took a look and modified the code a little bit, to eliminate the circular import I deleted get_jwt_value
on the utils
module, to acomodate this, made HasRoleBasePermission
inherit from Auth0JSONWebTokenAuthentication
, so now it can use a new method on it called get_payload
, which takes advantage JWT's JSONWebTokenAuthentication.authenticate
, which in turn manages jwt_decode_handler
errors and returns a validated jwt_value
to retrive the payload. (decorators
is more broken than ever now).
RemoteUserBackend
RemoteUserBackend
is Django's default interface to use an external authentication source (Docs). When I discovered it, I noticed that the class implements many features that are useful to our problem: authenticate
, create_unknown_user
, clean_username
... . If you look at RemoteBackend.authenticate
, it has much in common whith @mcueto original implementation, so I included it and reimplemented authenticate
to resemble the one on RemoteUserBackend
.
The code is on #21
@xnegativx can you give us comments about #21 please!
Fixed!
Hello, Thanks you for the app! Have been playing a bit with it and started to tweak it a bit/lot. You might have spotted already but there's a circular import that makes extending the app not so easy. utils.py and authentication.py are importing each other because of get_jwt_value. Not really satisfied by any of those but possible fixes might be: Remove it from util and use JSONWebTokenAuthentication().get_jwt_value() in decorators/rest of the app Keep it in utils, switch the import to 'from rest_framework_jwt.authentication import JSONWebTokenAuthentication', (then do not forget to override get_jwt_value in Auth0JSONWebTokenAuthentication with a call to this). Unrelated question here: Why Auth0JSONWebTokenAuthentication inherits from RemoteBackend ?