A JSON Web Token authentication extension for the Django REST Framework
Using pip
pip install drf_pyjwt
Using pipenv
pipenv install drf_pyjwt
In your project’s settings.py, add these settings:
DRF_PYJWT_JWKS_URI = "https://api.sample/jwks.json"
DRF_PYJWT_ALGORITHMS = ["RS256"]
DRF_PYJWT_KWARGS = {"audience": "https://api.sample"}
In views.py, add the PyJWTAuthentication class to the authentication classes:
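from rest_framework.decorators import api_view, authentication_classes
from rest_framework.request import Request
from rest_framework.response import Response
from drf_pyjwt.authentication import PyJWTAuthentication  # import path assumed

@api_view(["get"])
@authentication_classes([PyJWTAuthentication])
def example(request: Request) -> Response:
    token: dict = request.auth  # decoded claims of the verified token
    print(f"Access token: {token}")
    return Response({"some": "response"})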
By default, PyJWTAuthentication cannot look up a user from the token, so request.user will be None.
You can provide a user lookup function with the DRF_PYJWT_LOOKUP_USER setting. PyJWTAuthentication will then populate request.user using the provided function.
DRF_PYJWT_JWKS_URI
Required: True
Type: str
Example: DRF_PYJWT_JWKS_URI = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"
Value which will be passed as the uri argument to jwt.jwks_client.PyJWKClient.

DRF_PYJWT_ALGORITHMS
Required: False
Type: List[str]
Default: ["RS256"]
Example: DRF_PYJWT_ALGORITHMS = ["RS256"]
Value which will be passed as the algorithms argument to the jwt.decode function.

DRF_PYJWT_OPTIONS
Required: False
Type: dict
Example: DRF_PYJWT_OPTIONS = {"verify_exp": False}
Value which will be passed as the options argument to the jwt.decode function.

DRF_PYJWT_KWARGS
Required: False
Type: dict
Example: DRF_PYJWT_KWARGS = {"audience": "https://app.domain"}
Value which will be passed as **kwargs to the jwt.decode function.

DRF_PYJWT_LOOKUP_USER
Required: False
Type: str (import path to a Callable[[dict], Optional[AbstractBaseUser]])
Example: DRF_PYJWT_LOOKUP_USER = "path.to.lookup_user"
from typing import Optional
from django.contrib.auth.models import AbstractBaseUser, User

def lookup_user(token: dict) -> Optional[AbstractBaseUser]:
    user_id = token["custom_claim_user_id"]
    user = User.objects.filter(pk=user_id).first()
    return user
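
How the DRF_PYJWT_ALGORITHMS, DRF_PYJWT_OPTIONS and DRF_PYJWT_KWARGS values described above change what jwt.decode accepts, as an added example that is not drf_pyjwt's own code. It assumes PyJWT and cryptography are installed and uses a locally generated key pair in place of the key fetched from DRF_PYJWT_JWKS_URI; issue and check are hypothetical helpers.

```python
import time
from typing import Optional

import jwt  # PyJWT
from cryptography.hazmat.primitives.asymmetric import rsa

# Constructed key pair standing in for the signing key that PyJWKClient would
# fetch from DRF_PYJWT_JWKS_URI; nothing here touches the network.
PRIVATE_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
PUBLIC_KEY = PRIVATE_KEY.public_key()

# Settings as shown on this page.
DRF_PYJWT_ALGORITHMS = ["RS256"]
DRF_PYJWT_KWARGS = {"audience": "https://api.sample"}


def issue(aud: str, ttl: int = 300, key=PRIVATE_KEY, alg: str = "RS256") -> str:
    """Hypothetical helper: sign a constructed sample token."""
    now = int(time.time())
    claims = {"sub": "user-1", "aud": aud, "iat": now - 600, "exp": now + ttl}
    return jwt.encode(claims, key, algorithm=alg)


def check(token: str, options: Optional[dict] = None) -> str:
    """Hypothetical helper: decode with the settings above.

    Returns "ok" or the name of the PyJWT exception that rejected the token.
    """
    try:
        jwt.decode(token, PUBLIC_KEY, algorithms=DRF_PYJWT_ALGORITHMS,
                   options=options, **DRF_PYJWT_KWARGS)
        return "ok"
    except jwt.InvalidTokenError as exc:
        return type(exc).__name__


if __name__ == "__main__":
    expired = issue("https://api.sample", ttl=-300)
    hs256 = issue("https://api.sample", key="constructed-secret-" + "0" * 32, alg="HS256")
    print("valid token:            ", check(issue("https://api.sample")))
    print("wrong audience:         ", check(issue("https://other.sample")))
    print("expired:                ", check(expired))
    print("expired, verify_exp off:", check(expired, {"verify_exp": False}))
    print("HS256-signed:           ", check(hs256))
```

With the DRF_PYJWT_OPTIONS example value {"verify_exp": False}, the expired token is accepted, so token lifetime no longer limits how long a token stays usable.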