如何使用电子邮件登录用户，并使用Django Rest Framework JSON Web令牌登录？ [英] How to login users with email and log them out with Django Rest Framework JSON web tokens?

问题描述

我有一个现有的，正在工作的Django应用程序，可以实现大量的Django-REST框架API。
我刚刚添加了 Django-rest-framework- JWT ，现在我正在尝试学习。我已经验证，如果我执行以下卷曲，它会给我一个令牌：

  curl -X POST -dusername = myuser& password = mypasswordhttp：// localhost：3050 / api-token-auth / 
  

但是我有一系列问题，我没有看到在文件中被处理。请回答以下问题：

1. 如何使用curl使令牌无效？当用户注销时，我需要这样做。


2. 这些令牌存储在数据库中哪里？在实现 django-rest-framework-jwt 之后，我没有看到我的Django Admin界面中有任何新表


3. 我想允许我的用户使用他们的用户名或登录他们的电子邮件。因此，我想在自定义端点中包含 api-token-auth 端点，以检查给定字符串是否为电子邮件或用户名。如果是电子邮件，我会查找用户名。然后调用api-token-auth。该端点应该如何看？我不知道如何包装这个 api-token-auth方法。

解决方案

1. 当使用JWT进行身份验证时，通常会将令牌存储在浏览器的本地存储或会话存储中。要注销，只需删除令牌。没有其他的无效。


2. 使用这种方法进行身份验证的好处之一是令牌不会保留在数据库中，因此您不必查询会话存储


3. 也可以使用自定义Django身份验证后端。

I have an existing, working Django application that implements numerous Django-REST-framework APIs. I've just added user authentication with Django-rest-framework-JWT and now I'm trying to learn it up. I have verified that it does issue me a token if I do the following curl:

curl -X POST -d "username=myuser&password=mypassword" http://localhost:3050/api-token-auth/

But I have a series of questions that I don't see being addressed in the documents. Please answer the following questions:

1. How do I invalidate the token using curl? I need to do so when the user logs out.
2. Where are these tokens stored in the DB? After implementing django-rest-framework-jwt, I don't see any new tables in my Django Admin interface
3. I would like to allow my users to login with their usernames or their emails. So I would like to wrap the api-token-auth endpoint in a custom endpoint that checks if the given string is an email or username. If email, I will lookup the username. Then call the api-token-auth. How should that endpoint look? I don't know how to wrap this api-token-auth method.

解决方案

1. When using JWT for authentication you'd usually store the token in the browser's localstorage or sessionstorage. To logout you just remove the token. There's nothing else to invalidate.
2. One of the benefits of using this kind of approach for authentication is that tokens are not persisted in the database, so you don't have to query a session store for anything when authenticating.
3. This should be possible with a custom Django Authentication Backend as well.

这篇关于如何使用电子邮件登录用户，并使用Django Rest Framework JSON Web令牌登录？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！