mcueto / djangorestframework-auth0

Library to simply use Auth0 token authentication in DRF within djangorestframework-jwt
MIT License
91 stars 19 forks

Removed circular imports #21

Closed snake575 closed 7 years ago

snake575 commented 7 years ago

To address #20, deleted get_jwt_value on the utils module. To accommodate this, made HasRoleBasePermission inherit from Auth0JSONWebTokenAuthentication, so now it can use a new method on it called get_payload, which takes advantage of JWT's JSONWebTokenAuthentication.authenticate, which in turn manages jwt_decode_handler errors and returns a validated jwt_value to retrieve the payload. (decorators is more broken than ever now).

snake575 commented 7 years ago

I tested the changes and they work on my project (without using the auth0 authentication extension). I created another issue to look at those problems: #22

Ptosiek commented 7 years ago

I don't think we should mix permission and authentication here. There's no need for Permission to inherit from Auth0JSONWebTokenAuthentication if just to decode the token, and run the authenticate method once (again). has_permission should rather decode the token via jwt_decode_handler and handle exceptions itself. We might as well attach the decoded_payload to the request object/view instead of decoding it each time.

mcueto commented 7 years ago

@xnegativx this week I'll work on an update! I will work both with @Snake575 and your tips, so please give me the light to choose the right path! Any comment will be welcomed.

Ptosiek commented 7 years ago

Hi, sorry for the delay. I've been trying to circle around this. I ended up attaching the decoded_jwt to the request object. I tried my best to inherit code from restframework_jwt. Fork is there (but I've been working on other things too (multiple clients)): https://bitbucket.org/xnegativx/djangorestframework-auth0/
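The design Ptosiek describes in the two comments above (a permission that decodes the token through a decode handler, handles the failure itself, and caches the result as decoded_jwt on the request), shown as an added example that is not code from this pull request, the fork, or the library. It uses only the standard library: decode_handler is an HS256-only stand-in for jwt_decode_handler, and SECRET, STATS, make_request, the roles claim and the admin role are assumptions made for the demo.

```python
import base64, hashlib, hmac, json, time
from types import SimpleNamespace

SECRET = b"constructed-demo-secret"  # constructed key, not a real Auth0 secret
STATS = {"decodes": 0}  # counts real decodes, to show the caching

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")
def _unb64(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def make_request(payload, secret=SECRET):
    """Constructed request carrying a constructed HS256 bearer token."""
    head = _b64(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64(json.dumps(payload).encode())
    sig = _b64(hmac.new(secret, head + b"." + body, hashlib.sha256).digest())
    token = b".".join([head, body, sig]).decode()
    return SimpleNamespace(headers={"Authorization": "Bearer " + token})

def decode_handler(token, secret=SECRET):
    """Stand-in for jwt_decode_handler: return verified claims or raise."""
    STATS["decodes"] += 1
    try:
        head, body, sig = token.encode().split(b".")
        expected = hmac.new(secret, head + b"." + body, hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            raise ValueError("bad signature")
        payload = json.loads(_unb64(body))
        if payload["exp"] < time.time():
            raise ValueError("token expired")
    except (ValueError, TypeError, KeyError) as exc:
        raise ValueError("invalid token") from exc
    return payload

def get_payload(request):
    """Decode once per request; later callers reuse request.decoded_jwt."""
    if getattr(request, "decoded_jwt", None) is None:
        token = request.headers.get("Authorization", "").partition(" ")[2]
        request.decoded_jwt = decode_handler(token)
    return request.decoded_jwt

class HasRolePermission:
    required_role = "admin"  # hypothetical role name
    def has_permission(self, request, view=None):
        try:
            roles = get_payload(request).get("roles")
        except ValueError:
            return False  # fail closed on any decode problem
        return isinstance(roles, list) and self.required_role in roles
```

Because only a successful decode is cached, a request with a bad token is denied on every check and never leaves a partial payload on the request object.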

mcueto commented 7 years ago

I fixed it by restoring the original get_jwt_value function in 77014a312fba4cffca617eedeb41526a57e6ea80