DRF: how to integrate django-rest-framework-jwt to Djoser


Problem description

I am planning to build an application with Django Rest Framework. I'm more interested in using the Django-Rest-Framework-JWT authentication mechanism than the Session or Token authentication mechanism.

But all the other packages like Django-Rest-Auth and Djoser (which help in the registration process) use Session and Token authentication systems.

How do I override the Token authentication mechanism in Djoser or Django-Rest-Auth with Django-Rest-Framework-JWT?

Solution

I know this question is almost a year old, but I just figured out how to get Djoser and django-rest-knox to play along and sure enough the same technique worked with djangorestframework-jwt as well. The trick is knowing that you can use Djoser's account endpoints without using its auth-related endpoints. You just have to put each library on its own endpoint.

Here's how I set up Django Rest Framework to use JWTs to log in and authenticate against Djoser endpoints (I'm going to take it from start to finish):

First, install djangorestframework-jwt and djoser:

pip install djangorestframework-jwt djoser

Specify that you want to use JWTs to authenticate by adding JSONWebTokenAuthentication to DEFAULT_AUTHENTICATION_CLASSES in your Django project's settings.py:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
}

Next, add djoser.urls and rest_framework_jwt's obtain_jwt_token view to your urls:

from django.conf.urls import url, include
from rest_framework_jwt import views as jwt_views

urlpatterns = [
    url(r'^account/', include('djoser.urls')),
    url(r'^auth/login/', jwt_views.obtain_jwt_token, name='auth'),
]

That should be everything you need to get started. Just to be safe, run a migrate (I spun up a brand-new instance of Django Rest Framework for this post and hadn't yet run the initial commits before this point):

python manage.py migrate

To test things out, create a new user if you don't already have one:

python manage.py createsuperuser

Once you have a user account, runserver and then try logging in to get your JWT:

http POST http://localhost:8000/auth/login/ username=admin password=password

You should get back a token:

{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NTg2ODI3MzYsInVzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6IiIsInVzZXJfaWQiOjJ9.JDoVCpfiE0uGhsv9OQfPgPc-wxjjQtcEjwAI6bTLWRM"
}

You can then use this token to authenticate against Djoser's /me/ endpoint to get your profile information. Just include your token within your request's header as Authorization: JWT:

http http://localhost:8000/account/me/ "Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NTg2ODI3MzYsInVzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6IiIsInVzZXJfaWQiOjJ9.JDoVCpfiE0uGhsv9OQfPgPc-wxjjQtcEjwAI6bTLWRM"

Here's what I got back:

{
    "email": "",
    "id": 2,
    "username": "admin"
}

As you can see, it's pretty easy to start using JWTs for authentication. My guess is that libraries like djoser and django-rest-auth focus on Basic, Session, or Token authentication because they're included out of the DRF box and thus are probably the most common method by which people authenticate calls against their server.

The beauty of all this is that it's easy to implement a more secure authentication scheme because Djoser isn't tightly coupled to its own authentication classes - it'll happily respect whatever you set for DEFAULT_AUTHENTICATION_CLASSES.
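An added example, not part of the original answer: it decodes the token shown above to make visible that a JWT payload is only base64url-encoded (readable by anyone who holds the token), then sketches the HS256 checks a verifier has to make. The standard library stands in for the JWT library here; `DEMO_KEY`, the helper names and the sample claims are constructed for the illustration.

```python
import base64, hashlib, hmac, json

# Token copied verbatim from the answer above.
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJleHAiOjE0NTg2ODI3MzYsInVzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6IiIsInVzZXJfaWQiOjJ9."
              "JDoVCpfiE0uGhsv9OQfPgPc-wxjjQtcEjwAI6bTLWRM")
DEMO_KEY = b"constructed-demo-key"  # assumption: stands in for the server's signing secret

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def read_claims(token):
    """Decode header and payload without any key: the payload is not encrypted."""
    head, body, _sig = token.split(".")
    return json.loads(b64url_decode(head)), json.loads(b64url_decode(body))

def sign_hs256(claims, key):
    """Issue an HS256 token (hypothetical helper, used only to build demo input)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify_hs256(token, key, now):
    """Return the claims only if algorithm, signature and expiry all check out."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None  # payload or signature was altered, or the key differs
        claims = json.loads(b64url_decode(body))
        return claims if claims.get("exp", 0) > now else None  # reject expired tokens
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token

if __name__ == "__main__":
    print(read_claims(PAGE_TOKEN))
    fresh = sign_hs256({"user_id": 2, "username": "admin", "exp": 2000}, DEMO_KEY)
    print(verify_hs256(fresh, DEMO_KEY, now=1000), verify_hs256(fresh, DEMO_KEY, now=3000))
```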
