使用simplejwt模块在django中修改jwt访问令牌到期时间 [英] Modifying jwt access token expiry time in django using simplejwt module

问题描述

from rest_framework_simplejwt.serializers import TokenObtainPairSerializer

from rest_framework_simplejwt.views import TokenObtainPairView

from rest_framework_simplejwt.utils import datetime_to_epoch

SUPERUSER_LIFETIME = datetime.timedelta(minutes=1)

class MyTokenObtainPairSerializer(TokenObtainPairSerializer):

@classmethod
def get_token(cls, user):        
    token = super(MyTokenObtainPairSerializer, cls).get_token(user)
    token['name']       = user.username
    token['user_id']    = user.id

    if user.is_superuser:
        #token.set_exp(from_time=starttime,lifetime=SUPERUSER_LIFETIME)
        token.payload['exp'] = datetime_to_epoch(token.current_time + SUPERUSER_LIFETIME)

    return token

class MyTokenObtainPairView(TokenObtainPairView):
     serializer_class = MyTokenObtainPairSerializer

我已经尝试过此代码(遵循此链接:

i have tried this code (followed this link: How can we assign different expiry time to different users in jwt tokens in django ). This code updates the expiry time of refresh token but i want to update expiry time of access token in django using simplejwt module. any suggestions please.

推荐答案

我快速浏览了simplejwt github的页面，您可以自定义一些

I just made a quick look to simplejwt github's page and you can customize some settings in your settings.py file;

SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
}

根据评论更新答案

感谢您的回应.但是我想全局设置jwt的到期时间，然后根据角色设置，我想覆盖该到期时间.怎么可能??

thanks for response . but i want set globally jwt expiry time and later based on role , i want to override that expiry time . how is it possible??

正如您所说，您必须覆盖默认的令牌生成器方法.但是如何?

As you say, you have to override default token generator method. But how?

首先，创建您自己的从TokenObtainPairView继承的令牌获取视图，并创建您自己的从TokenObtainPairSerializer继承的令牌获取序列化程序.之后，您可以看到validate方法创建了access和refresh标记，因此，如果要基于用户角色等创建标记，则也必须覆盖该方法.在这些步骤之后，您还必须更改urls.py.

First, create your own token obtain view that inherited from TokenObtainPairView and your own token obtain serializer that inherited from TokenObtainPairSerializer. After that, you can see that validate method create access and refresh tokens, so also you must override that method if you want to create token based on user role etc. After these steps you also have to change your urls.py.

示例；

import datetime

from django.utils.six import text_type

from rest_framework_simplejwt.views import TokenObtainPairView
from rest_framework_simplejwt.serializers import TokenObtainPairSerializer

SUPERUSER_LIFETIME = datetime.timedelta(minutes=1)


class MyTokenObtainSerializer(TokenObtainPairSerializer):
    def validate(self, attrs):
        data = super(TokenObtainPairSerializer, self).validate(attrs)
        refresh = self.get_token(self.user)
        data['refresh'] = text_type(refresh)
        if self.user.is_superuser:
            new_token = refresh.access_token
            new_token.set_exp(lifetime=SUPERUSER_LIFETIME)
            data['access'] = text_type(new_token)
        else:
            data['access'] = text_type(refresh.access_token)
        return data


class MyTokenObtainView(TokenObtainPairView):
    serializer_class = MyTokenObtainSerializer

urls.py

urls.py

urlpatterns = [
    path('api/token/', MyTokenObtainView.as_view(), name='token_obtain_pair')
]

这篇关于使用simplejwt模块在django中修改jwt访问令牌到期时间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！