How to login users with email and log them out with Django Rest Framework JSON web tokens?
Problem description
I have an existing, working Django application that implements numerous Django-REST-framework APIs. I've just added user authentication with Django-rest-framework-JWT and now I'm trying to learn it up. I have verified that it does issue me a token if I do the following curl:
curl -X POST -d "username=myuser&password=mypassword" http://localhost:3050/api-token-auth/
But I have a series of questions that I don't see being addressed in the documents. Please answer the following questions:
- How do I invalidate the token using curl? I need to do so when the user logs out.
- Where are these tokens stored in the DB? After implementing django-rest-framework-jwt, I don't see any new tables in my Django Admin interface.
- I would like to allow my users to login with their usernames or their emails. So I would like to wrap the api-token-auth endpoint in a custom endpoint that checks if the given string is an email or username. If email, I will lookup the username. Then call the api-token-auth. How should that endpoint look? I don't know how to wrap this api-token-auth method.
Solution
- When using JWT for authentication you'd usually store the token in the browser's localStorage or sessionStorage. To logout you just remove the token. There's nothing else to invalidate.
- One of the benefits of using this kind of approach for authentication is that tokens are not persisted in the database, so you don't have to query a session store for anything when authenticating.
- This should be possible with a custom Django Authentication Backend as well.