何时在 DRF 中的 jwt 中调用 gettoken、刷新令牌和验证令牌？

Question

I have been using built in token authentication for my projects in Django rest framework. But now I am shifting to simple jwt . But I am confused on one thing.

In Token Authentication user if logged in from front end returns a token, but in jwt documentation I have seen three requests as follows:

urlpatterns = [    
url(r'^auth-jwt/', obtain_jwt_token),     
url(r'^auth-jwt-refresh/', refresh_jwt_token),     
url(r'^auth-jwt-verify/', verify_jwt_token),
 ]

I dont quite understand these requests. As a normal user, when a user visits a site he doesn't ask to get token, refresh token and verify token, he simply logs in and uses the features of the site. So, I am asking when these requests are made?

I hope I have explained well.

Answer 1

The usual flow of JWT authentication goes likes this:

1. The client will send a POST request with the authentication credentials, which need to be verified. If the credentials are valid the server needs to return JWT Token and a refresh token. This process is handled by the url(r'^auth-jwt/', obtain_jwt_token) URL.

2. The token returned after authentication is a short-lived token and to continue the user session, the client needs to get a new token using the refresh token. This is done by url(r'^auth-jwt-refresh/', refresh_jwt_token) URL.

The third URL is not always required. You can use it to validate your JWT token in case it's required by your application.