
Simple jwt not returning refresh token

I am using simple jwt with django rest. However, I don't think the config JWT_AUTH is working, because I have set the rotate refresh tokens to true but the token-api-refresh url only returns the access token while it should also return the refresh.

In the settings.py I have

import datetime

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'shop',
    'rest_framework_simplejwt',
    'corsheaders',
    'django_cleanup'
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ]
}

JWT_AUTH = {
    'ACCESS_TOKEN_LIFETIME': datetime.timedelta(minutes=15),
    'REFRESH_TOKEN_LIFETIME': datetime.timedelta(days=10),
    'ROTATE_REFRESH_TOKENS': True,
}

My url patterns:

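from django.contrib import admin
from django.urls import include, path
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView

urlpatterns = [
    path('admin/', admin.site.urls),
    path('api-token/', TokenObtainPairView.as_view()),
    path('api-token-refresh/', TokenRefreshView.as_view()),
    path("", include("shop.urls")),
]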


My problem is on the api-token-refresh, as it only returns the access, but according to the simple-jwt documentation, if I set rotate refresh token to true then it should also return a refresh token alongside the access one.

Edit:

This is the serializer for the token refresh, which obviously can return both tokens

class TokenRefreshSerializer(serializers.Serializer):
    refresh = serializers.CharField()
    access = serializers.ReadOnlyField()

    def validate(self, attrs):
        refresh = RefreshToken(attrs['refresh'])

        data = {'access': str(refresh.access_token)}

        if api_settings.ROTATE_REFRESH_TOKENS:
            if api_settings.BLACKLIST_AFTER_ROTATION:
                try:
                    # Attempt to blacklist the given refresh token
                    refresh.blacklist()
                except AttributeError:
                    # If blacklist app not installed, `blacklist` method will
                    # not be present
                    pass

            refresh.set_jti()
            refresh.set_exp()

            data['refresh'] = str(refresh)

        return data

Use SIMPLE_JWT instead of JWT_AUTH and set ROTATE_REFRESH_TOKENS to True

from datetime import timedelta

SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=1),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
    'ROTATE_REFRESH_TOKENS': True,
}

Some more properties:

'ACCESS_TOKEN_LIFETIME': timedelta(minutes=1),
'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
'ROTATE_REFRESH_TOKENS': True,
'BLACKLIST_AFTER_ROTATION': False,
'UPDATE_LAST_LOGIN': True,

'ALGORITHM': 'HS256',
'SIGNING_KEY': SECRET_KEY,
'VERIFYING_KEY': None,
'AUDIENCE': None,
'ISSUER': None,
'JWK_URL': None,
'LEEWAY': 0,

'AUTH_HEADER_TYPES': ('Bearer',),
'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
'USER_ID_FIELD': 'id',
'USER_ID_CLAIM': 'user_id',
'USER_AUTHENTICATION_RULE': 'rest_framework_simplejwt.authentication.default_user_authentication_rule',

'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
'TOKEN_TYPE_CLAIM': 'token_type',
'TOKEN_USER_CLASS': 'rest_framework_simplejwt.models.TokenUser',

'JTI_CLAIM': 'jti',

'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp',
'SLIDING_TOKEN_LIFETIME': timedelta(minutes=5),
'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1),

It's not returning the refresh token because you defined the simple jwt configuration in:

JWT_AUTH = {
}

Instead of that, you just need to replace it with

from datetime import timedelta

SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
    # True so that TokenRefreshView also returns a new refresh token
    'ROTATE_REFRESH_TOKENS': True
}

As per the official documentation:

ROTATE_REFRESH_TOKENS

When set to True, if a refresh token is submitted to the TokenRefreshView, a new refresh token will be returned along with the new access token. This new refresh token will be supplied via a “refresh” key in the JSON response. New refresh tokens will have a renewed expiration time which is determined by adding the timedelta in the REFRESH_TOKEN_LIFETIME setting to the current time when the request is made. If the blacklist app is in use and the BLACKLIST_AFTER_ROTATION setting is set to True, refresh tokens submitted to the refresh view will be added to the blacklist.

Please let me know if it works.
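A settings audit for the mistake discussed on this page, added here as an example; it is not part of the original posts or of rest_framework_simplejwt. The names `audit_jwt_settings`, `KNOWN_KEYS` and the two sample dicts are hypothetical, and the blacklist app label `rest_framework_simplejwt.token_blacklist` comes from the library rather than from this page.

```python
# Keys listed in the answer above; anything else is flagged as a possible typo
# (assumption: newer library releases may accept more keys than these).
KNOWN_KEYS = set("""
ACCESS_TOKEN_LIFETIME REFRESH_TOKEN_LIFETIME ROTATE_REFRESH_TOKENS
BLACKLIST_AFTER_ROTATION UPDATE_LAST_LOGIN ALGORITHM SIGNING_KEY VERIFYING_KEY
AUDIENCE ISSUER JWK_URL LEEWAY AUTH_HEADER_TYPES AUTH_HEADER_NAME USER_ID_FIELD
USER_ID_CLAIM USER_AUTHENTICATION_RULE AUTH_TOKEN_CLASSES TOKEN_TYPE_CLAIM
TOKEN_USER_CLASS JTI_CLAIM SLIDING_TOKEN_REFRESH_EXP_CLAIM
SLIDING_TOKEN_LIFETIME SLIDING_TOKEN_REFRESH_LIFETIME
""".split())
# App label of the blacklist app (known from the library, not shown on the page)
BLACKLIST_APP = "rest_framework_simplejwt.token_blacklist"


def audit_jwt_settings(settings):
    """Return findings for a dict of settings.py module-level names."""
    findings = []
    if "JWT_AUTH" in settings:
        findings.append("JWT_AUTH is not read by rest_framework_simplejwt; "
                        "rename it to SIMPLE_JWT")
    jwt = settings.get("SIMPLE_JWT")
    if jwt is None:
        findings.append("SIMPLE_JWT is missing; library defaults apply")
        return findings
    for key in sorted(set(jwt) - KNOWN_KEYS):
        findings.append(f"unrecognised SIMPLE_JWT key: {key}")
    if jwt.get("ROTATE_REFRESH_TOKENS"):
        blacklisting = jwt.get("BLACKLIST_AFTER_ROTATION", False)
        installed = BLACKLIST_APP in settings.get("INSTALLED_APPS", [])
        if not (blacklisting and installed):
            findings.append("rotation without blacklisting: the submitted "
                            "refresh token stays valid until it expires")
    return findings


# Constructed sample mirroring the question's settings.py (wrong dict name)
QUESTION_SETTINGS = {
    "INSTALLED_APPS": ["rest_framework", "rest_framework_simplejwt"],
    "JWT_AUTH": {"ROTATE_REFRESH_TOKENS": True},
}
# Constructed sample: renamed dict, rotation on, blacklist app installed
FIXED_SETTINGS = {
    "INSTALLED_APPS": ["rest_framework_simplejwt", BLACKLIST_APP],
    "SIMPLE_JWT": {"ROTATE_REFRESH_TOKENS": True,
                   "BLACKLIST_AFTER_ROTATION": True},
}
```

Calling it from a unit test or a deployment check with `vars(django.conf.settings._wrapped)` style input is left to the reader; here it takes a plain dict so it runs without Django.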
