[英]How to reset JWT token in Django after user changes password?
我的问题是我想在有人重置他或她的密码时刷新或过期 JWT 令牌。 我的项目在 Django rest 框架中,所以我需要的只是一个关于如何发生的例子。 我需要能够使所有其他令牌无效
温馨问候。
默认情况下,如果您不更新会话身份验证,则用户将被注销。 如果你想更新会话身份验证这里是代码
from django.contrib.auth import update_session_auth_hash
#after you change password for User- user
update_session_auth_hash(request, user)
您需要覆盖默认令牌生成过程。
def jwt_create_payload(user):
"""
Create JWT claims token.
To be more standards-compliant please refer to the official JWT standards
specification: https://tools.ietf.org/html/rfc7519#section-4.1
"""
issued_at_time = datetime.utcnow()
expiration_time = issued_at_time + api_settings.JWT_EXPIRATION_DELTA
payload = {
'user_id': user.pk,
'username': '%s-%s' % (user.username + user.password),
'iat': unix_epoch(issued_at_time),
'exp': expiration_time
}
# It's common practice to have user object attached to profile objects.
# If you have some other implementation feel free to create your own
# `jwt_create_payload` method with custom payload.
if hasattr(user, 'profile'):
payload['user_profile_id'] = user.profile.pk if user.profile else None,
# Include original issued at time for a brand new token
# to allow token refresh
if api_settings.JWT_ALLOW_REFRESH:
payload['orig_iat'] = unix_epoch(issued_at_time)
if api_settings.JWT_AUDIENCE is not None:
payload['aud'] = api_settings.JWT_AUDIENCE
if api_settings.JWT_ISSUER is not None:
payload['iss'] = api_settings.JWT_ISSUER
return payload
根据新的jwt_create_payload
函数在您的设置中更新JWT_PAYLOAD_HANDLER
参数。 当您更改密码时,您的令牌将失效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.