How to delete a django JWT token?


Problem description

I am using the Django rest framework JSON Web token API that is found here on github (https://github.com/GetBlimp/django-rest-framework-jwt/tree/master/).

I can successfully create tokens and use them to call protected REST APIs. However, there are certain cases where I would like to delete a specific token before its expiry time. So I thought to do this with a view like:

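from rest_framework import status
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework_jwt.authentication import JSONWebTokenAuthentication


class Logout(APIView):
    permission_classes = (IsAuthenticated, )
    authentication_classes = (JSONWebTokenAuthentication, )

    def post(self, request):
        # simply delete the token to force a login
        request.auth.delete()  # This will not work
        return Response(status=status.HTTP_200_OK)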

The request.auth is simply a string object. So, this is of course, not going to work but I was not sure how I can clear the underlying token.

Edit

Reading more about this, it seems that I do not need to do anything as nothing is ever stored on the server side with JWT. So just closing the application and regenerating the token on the next login is enough. Is that correct?

Recommended answer

Yes, it's correct to say that JWT tokens are not stored in the database. What you want, though, is to invalidate a token based on user activity, which doesn't seem to be possible ATM.

So, you can do what you suggested in your question, or redirect the user to some token refreshing endpoint, or even manually create a new token.
