JWT 和 Django Rest 框架中的自定义身份验证

Question

I have written a very basic custom authentication class in order to implement the simple JWT library for my custom authentication needs.

I generate tokens manually and then send the access token to my API. By default, this would be enough but since I do not use the default Django user Model, I get "User not found". This is because I need to implement a custom authentication backend.

I need to read that token in order to query the database with the given user id and check if that token is valid as well. In my example, I have fixed number 2.

class ExampleAuthentication(authentication.BaseAuthentication):
    def authenticate(self, request):
        try:
            user = vAuthUser.objects.get(pk=2) #this should receive the user_id from the token
        except:
            raise AuthenticationFailed('No such user')

        return (user, None)

My API looks like:

class MyAPI(APIView):
    authentication_classes = (ExampleAuthentication,)
    permission_classes = (IsAuthenticated ,)

   def get()...

Answer 1

Try this:

from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework_simplejwt.tokens import RefreshToken
from django.contrib.auth.models import User
user = User.objects.first()
refresh = RefreshToken.for_user(user)
raw_token = str(refresh.access_token)

jwt_a = JWTAuthentication()
validated_token = jwt_a.get_validated_token(raw_token)
repr(validated_token)
print(validated_token["user_id"])

Here I feed a raw access token to get_validated_token() method of JWTAuthentication class. it returns a dictionary with these keys: token_type , jti , user_id , exp , and their associated values.
I've used the default Django User Model for my sample, but it should work with your custom Model.
There are more useful methods like get_header() . check this document and this one too.