Simple jwt not returning refresh token
I am using simple jwt with django rest. However, I don't think the config JWT_AUTH is working. Because I have set the rotate refresh tokens to true but the token-api-refresh url only returns access token while it should also return the refresh.
In the settings.py I have

    INSTALLED_APPS = [
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'rest_framework',
        'shop',
        'rest_framework_simplejwt',
        'corsheaders',
        'django_cleanup'
    ]

    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': [
            'rest_framework_simplejwt.authentication.JWTAuthentication',
        ]
    }

    JWT_AUTH = {
        'ACCESS_TOKEN_LIFETIME': datetime.timedelta(minutes=15),
        'REFRESH_TOKEN_LIFETIME': datetime.timedelta(days=10),
        'ROTATE_REFRESH_TOKENS': True,
    }

My url patterns:

    urlpatterns = [
        path('admin/', admin.site.urls),
        path('api-token/', TokenObtainPairView.as_view()),
        path('api-token-refresh/', TokenRefreshView.as_view()),
        path("", include("shop.urls"))
    ]

My problem is on the api-token-refresh as it only returns the access but according to the simple-jwt documentation if I set rotate refresh token to true then it should also return a refresh token alongside the access one.
Edit:
This is the serializer for the token refresh which obviously can return both tokens

    class TokenRefreshSerializer(serializers.Serializer):
        refresh = serializers.CharField()
        access = serializers.ReadOnlyField()

        def validate(self, attrs):
            refresh = RefreshToken(attrs['refresh'])

            data = {'access': str(refresh.access_token)}

            if api_settings.ROTATE_REFRESH_TOKENS:
                if api_settings.BLACKLIST_AFTER_ROTATION:
                    try:
                        # Attempt to blacklist the given refresh token
                        refresh.blacklist()
                    except AttributeError:
                        # If blacklist app not installed, `blacklist` method will
                        # not be present
                        pass

                refresh.set_jti()
                refresh.set_exp()

                data['refresh'] = str(refresh)

            return data

Use SIMPLE_JWT instead of JWT_AUTH and set ROTATE_REFRESH_TOKENS to True

    SIMPLE_JWT = {
        'ACCESS_TOKEN_LIFETIME': timedelta(minutes=1),
        'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
        'ROTATE_REFRESH_TOKENS': True,
    }

Other properties:

    SIMPLE_JWT = {
        'ACCESS_TOKEN_LIFETIME': timedelta(minutes=1),
        'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
        'ROTATE_REFRESH_TOKENS': True,
        'BLACKLIST_AFTER_ROTATION': False,
        'UPDATE_LAST_LOGIN': True,
        'ALGORITHM': 'HS256',
        'SIGNING_KEY': SECRET_KEY,
        'VERIFYING_KEY': None,
        'AUDIENCE': None,
        'ISSUER': None,
        'JWK_URL': None,
        'LEEWAY': 0,
        # One-element tuple: the trailing comma is required
        'AUTH_HEADER_TYPES': ('Bearer',),
        'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
        'USER_ID_FIELD': 'id',
        'USER_ID_CLAIM': 'user_id',
        'USER_AUTHENTICATION_RULE': 'rest_framework_simplejwt.authentication.default_user_authentication_rule',
        'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
        'TOKEN_TYPE_CLAIM': 'token_type',
        'TOKEN_USER_CLASS': 'rest_framework_simplejwt.models.TokenUser',
        'JTI_CLAIM': 'jti',
        'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp',
        'SLIDING_TOKEN_LIFETIME': timedelta(minutes=5),
        'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1),
    }

It's not returning a refresh token because you defined simple jwt configurations in:
JWT_AUTH = {
}
Instead of that you just need to change it with

    SIMPLE_JWT = {
        'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
        'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
        'ROTATE_REFRESH_TOKENS': False
    }

As per the official documentation:
ROTATE_REFRESH_TOKENS
When set to True, if a refresh token is submitted to the TokenRefreshView, a new refresh token will be returned along with the new access token. This new refresh token will be supplied via a “refresh” key in the JSON response. New refresh tokens will have a renewed expiration time which is determined by adding the timedelta in the REFRESH_TOKEN_LIFETIME setting to the current time when the request is made. If the blacklist app is in use and the BLACKLIST_AFTER_ROTATION setting is set to True, refresh tokens submitted to the refresh view will be added to the blacklist.
Please let me know if it works.
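
Both answers above come down to a settings dict that the library never reads, and the serializer in the question skips blacklisting without any error when the blacklist app is missing. A small audit for both cases, added here as an example that is not part of the original posts or of simplejwt itself: `audit_jwt_settings`, the finding codes and the sample dict are made up for illustration, and the key list is the one from the first answer (other library versions may accept more keys).

```python
# Added example: audit a settings namespace for the mistakes discussed above.
# KNOWN_KEYS is copied from the first answer; it is not an authoritative list.
from datetime import timedelta

KNOWN_KEYS = {
    'ACCESS_TOKEN_LIFETIME', 'REFRESH_TOKEN_LIFETIME', 'ROTATE_REFRESH_TOKENS',
    'BLACKLIST_AFTER_ROTATION', 'UPDATE_LAST_LOGIN', 'ALGORITHM', 'SIGNING_KEY',
    'VERIFYING_KEY', 'AUDIENCE', 'ISSUER', 'JWK_URL', 'LEEWAY',
    'AUTH_HEADER_TYPES', 'AUTH_HEADER_NAME', 'USER_ID_FIELD', 'USER_ID_CLAIM',
    'USER_AUTHENTICATION_RULE', 'AUTH_TOKEN_CLASSES', 'TOKEN_TYPE_CLAIM',
    'TOKEN_USER_CLASS', 'JTI_CLAIM', 'SLIDING_TOKEN_REFRESH_EXP_CLAIM',
    'SLIDING_TOKEN_LIFETIME', 'SLIDING_TOKEN_REFRESH_LIFETIME',
}
BLACKLIST_APP = 'rest_framework_simplejwt.token_blacklist'


def audit_jwt_settings(ns):
    """Return a list of (code, message) findings for a settings namespace dict."""
    findings = []
    conf = ns.get('SIMPLE_JWT')
    if 'JWT_AUTH' in ns and conf is None:
        findings.append(('ignored-dict', 'JWT_AUTH is never read by simplejwt; '
                         'rename it to SIMPLE_JWT or library defaults apply'))
    conf = conf or {}
    for key in sorted(set(conf) - KNOWN_KEYS):
        findings.append(('unknown-key', f'{key} is not a listed setting (typo?)'))
    if conf.get('ROTATE_REFRESH_TOKENS') is True:
        if conf.get('BLACKLIST_AFTER_ROTATION') is not True:
            findings.append(('reusable-refresh', 'rotation is on but the submitted '
                             'refresh token stays valid until it expires'))
        elif BLACKLIST_APP not in ns.get('INSTALLED_APPS', []):
            # The serializer swallows AttributeError, so this fails silently.
            findings.append(('blacklist-noop', f'{BLACKLIST_APP} is not installed, '
                             'so refresh.blacklist() is skipped'))
    return findings


# Constructed sample: the question's settings, reduced to the relevant names.
QUESTION_SETTINGS = {
    'INSTALLED_APPS': ['rest_framework', 'rest_framework_simplejwt'],
    'JWT_AUTH': {'ACCESS_TOKEN_LIFETIME': timedelta(minutes=15),
                 'REFRESH_TOKEN_LIFETIME': timedelta(days=10),
                 'ROTATE_REFRESH_TOKENS': True},
}

if __name__ == '__main__':
    for code, msg in audit_jwt_settings(QUESTION_SETTINGS):
        print(f'{code}: {msg}')
```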