JWT Token

JWT Token

Mohammad Kokhaee
Hello guys
I've created a token with JWT and
My questions:
1- How to access user information by token?
2- Is that the right way and is that secure?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/b766250f-2fa7-4cb0-afc5-2e4a442dad1a%40googlegroups.com.

Re: JWT Token

Ronit Mishra
Hi,

First step is to authenticate and obtain the token. For instance, let's say your endpoint is /api/token, so it'll only accept POST requests.

>> post http://127.0.0.1:8000/api/token/ username=mohammad password=123

You can use cURL, or HTTPie, or Python's requests module to test this. Heck, you can go full commando on this by building an Angular front.

The response will be of form:

{
    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTQ1MjI0MjU5LCJqdGkiOiIyYmQ1NjI3MmIzYjI0YjNmOGI1MjJlNThjMzdjMTdlMSIsInVzZXJfaWQiOjF9.D92tTuVi_YcNkJtiLGHtcn6tBcxLCBxz9FKD3qzhUg8",

    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTU0NTMxMDM1OSwianRpIjoiMjk2ZDc1ZDA3Nzc2NDE0ZjkxYjhiOTY4MzI4NGRmOTUiLCJ1c2VyX2lkIjoxfQ.rA-mnGRg71NEW_ga0sJoaMODS5ABjE5HnxJDb0F8xAo"
}

After that you are going to store both the access token and the refresh token on the client side, usually in the localStorage.

In order to access the protected views on the backend (i.e., the API endpoints that require authentication), you should include the access token in the header of all requests, like this:

http://127.0.0.1:8000/hello/ "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTQ1MjI0MjAwLCJqdGkiOiJlMGQxZDY2MjE5ODc0ZTY3OWY0NjM0ZWU2NTQ2YTIwMCIsInVzZXJfaWQiOjF9.9eHat3CvRQYnb5EdcgYFzUyMobXzxlAVh_IAgqyvzCE"



That's it!

And yes, it's the proper way of doing things!

Cheers, Ronnie


On Thu, Aug 22, 2019 at 3:46 AM Mohammad Kokhaee <[hidden email]> wrote:
Hello guys
I've created a token with JWT and
My questions:
1- How to access user information by token?
2- Is that the right way and is that secure?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACh0Ehy%3DmojgF_jb4EZPcb2%3D1TV75%2BBm6FLODFhaqS7%3DJYL67Q%40mail.gmail.com.

Re: JWT Token

Mohammad Kokhaee
Thanks for your explanation.
After the user sends the token to the server,
what should I do with the token to access the user id, user name, etc.?
This project is mostly like a blog website, and when the user authenticates, the API returns just the posts of this user.
I don't know how to reach user information with the token in views or serializer.

On Thu, Aug 22, 2019, 3:14 AM Ronit Mishra <[hidden email]> wrote:
Hi,

First step is to authenticate and obtain the token. For instance, let's say your endpoint is /api/token, so it'll only accept POST requests.

>> post http://127.0.0.1:8000/api/token/ username=mohammad password=123

You can use cURL, or HTTPie, or Python's requests module to test this. Heck, you can go full commando on this by building an Angular front.

The response will be of form:

{
    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTQ1MjI0MjU5LCJqdGkiOiIyYmQ1NjI3MmIzYjI0YjNmOGI1MjJlNThjMzdjMTdlMSIsInVzZXJfaWQiOjF9.D92tTuVi_YcNkJtiLGHtcn6tBcxLCBxz9FKD3qzhUg8",

    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTU0NTMxMDM1OSwianRpIjoiMjk2ZDc1ZDA3Nzc2NDE0ZjkxYjhiOTY4MzI4NGRmOTUiLCJ1c2VyX2lkIjoxfQ.rA-mnGRg71NEW_ga0sJoaMODS5ABjE5HnxJDb0F8xAo"
}

After that you are going to store both the access token and the refresh token on the client side, usually in the localStorage.

In order to access the protected views on the backend (i.e., the API endpoints that require authentication), you should include the access token in the header of all requests, like this:

http://127.0.0.1:8000/hello/ "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTQ1MjI0MjAwLCJqdGkiOiJlMGQxZDY2MjE5ODc0ZTY3OWY0NjM0ZWU2NTQ2YTIwMCIsInVzZXJfaWQiOjF9.9eHat3CvRQYnb5EdcgYFzUyMobXzxlAVh_IAgqyvzCE"



That's it!

And yes, it's the proper way of doing things!

Cheers, Ronnie


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHdYFMMeZos2z-yPhHJ3kk_pwY0vORfUNK%2BZeTMQ%3D-%2BVt61MMA%40mail.gmail.com.

Re: JWT Token

Ronit Mishra
You would be having some api/profile endpoint in your project where user details would be available. Send a POST request with the access token, just like I explained in the previous email, and you should get the response with profile details.

On Thu, Aug 22, 2019 at 5:13 AM Mohammad Kokhaee <[hidden email]> wrote:
Thanks for your explanation.
After the user sends the token to the server,
what should I do with the token to access the user id, user name, etc.?
This project is mostly like a blog website, and when the user authenticates, the API returns just the posts of this user.
I don't know how to reach user information with the token in views or serializer.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACh0EhyvL%2BhGX3XK_51ZHe%2BL2j_mf0KeFQ7QEt84WwiwjseuMA%40mail.gmail.com.

Re: JWT Token

Mohammad Kokhaee
I get that clearly.
But how do I get the response?
Sorry, I'm new.

On Thu, Aug 22, 2019, 4:37 AM Ronit Mishra <[hidden email]> wrote:
You would be having some api/profile endpoint in your project where user details would be available. Send a POST request with the access token, just like I explained in the previous email, and you should get the response with profile details.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAHdYFMP8EHebWQ9RoYf5ckx5d414O0uQZ-RL07NZ7A4FVPWUkw%40mail.gmail.com.

Re: JWT Token

Suraj Thapa FC
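# Fragment from inside a DRF view method (`request` is the incoming request).
import jwt
from django.conf import settings
from rest_framework_jwt.serializers import VerifyJSONWebTokenSerializer

# The header value is "<scheme> <token>"; keep only the token part.
token = request.META['HTTP_AUTHORIZATION'].split()[-1]
data = {'token': token}
try:
    # Check signature and expiry before trusting any claim in the payload.
    payload_decoded = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
    valid_data = VerifyJSONWebTokenSerializer().validate(data)
    user = valid_data['user']
    self.request.user = user
except Exception:
    # Invalid or expired token: the request stays unauthenticated.
    pass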



On Thu, 22 Aug, 2019, 5:41 AM Mohammad Kokhaee, <[hidden email]> wrote:
I get that clearly.
But how do I get the response?
Sorry, I'm new.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAPjsHcG6hJEvLR8fKtBWDSjrkagLktgpc5LP0FmPKVd7q4omUQ%40mail.gmail.com.
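
Added example, not code from any poster in this thread: a standard-library sketch of the server-side checks that turn an "Authorization: Bearer ..." header into a user id, using the claim names carried by the tokens shown above (token_type, exp, jti, user_id). The SECRET value, the sample claims and all function names are constructed for illustration; in a Django project the configured JWT authentication class performs these checks.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # assumption: stands in for settings.SECRET_KEY


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()


def sign_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a constructed HS256 sample token (header.payload.signature)."""
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    signing_input = f"{header}.{b64url_encode(json.dumps(claims).encode())}"
    return f"{signing_input}.{b64url_encode(mac(signing_input, secret))}"


def peek_claims(token: str) -> dict:
    """Decode the payload WITHOUT verification: anyone holding the token can do this."""
    return json.loads(b64url_decode(token.split(".")[1]))


def user_id_from_header(auth_header: str, secret: bytes = SECRET, now=None) -> int:
    """Return user_id only after every check passes; raise ValueError otherwise."""
    scheme, _, token = auth_header.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("malformed Authorization header")
    header_b64, payload_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all land here
        raise ValueError("undecodable token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("undecodable token")
    if header.get("alg") != "HS256":  # pin the algorithm; never take it from the token
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(signature, mac(f"{header_b64}.{payload_b64}", secret)):
        raise ValueError("bad signature")
    if claims.get("token_type") != "access":  # a refresh token must not open API views
        raise ValueError("not an access token")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if not isinstance(claims.get("user_id"), int):
        raise ValueError("missing user_id")
    return claims["user_id"]
```

The payload is only base64url-encoded, so peek_claims reads it without any key; the user id becomes trustworthy only once user_id_from_header has accepted the signature, token type and expiry.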