[英]How to reset JWT token in Django after user changes password?
我的問題是我想在有人重置他或她的密碼時刷新或過期 JWT 令牌。 我的項目在 Django rest 框架中,所以我需要的只是一個關於如何發生的例子。 我需要能夠使所有其他令牌無效
溫馨問候。
默認情況下,如果您不更新會話身份驗證,則用戶將被注銷。 如果你想更新會話身份驗證這里是代碼
from django.contrib.auth import update_session_auth_hash
#after you change password for User- user
update_session_auth_hash(request, user)
您需要覆蓋默認令牌生成過程。
def jwt_create_payload(user):
"""
Create JWT claims token.
To be more standards-compliant please refer to the official JWT standards
specification: https://tools.ietf.org/html/rfc7519#section-4.1
"""
issued_at_time = datetime.utcnow()
expiration_time = issued_at_time + api_settings.JWT_EXPIRATION_DELTA
payload = {
'user_id': user.pk,
'username': '%s-%s' % (user.username + user.password),
'iat': unix_epoch(issued_at_time),
'exp': expiration_time
}
# It's common practice to have user object attached to profile objects.
# If you have some other implementation feel free to create your own
# `jwt_create_payload` method with custom payload.
if hasattr(user, 'profile'):
payload['user_profile_id'] = user.profile.pk if user.profile else None,
# Include original issued at time for a brand new token
# to allow token refresh
if api_settings.JWT_ALLOW_REFRESH:
payload['orig_iat'] = unix_epoch(issued_at_time)
if api_settings.JWT_AUDIENCE is not None:
payload['aud'] = api_settings.JWT_AUDIENCE
if api_settings.JWT_ISSUER is not None:
payload['iss'] = api_settings.JWT_ISSUER
return payload
根據新的jwt_create_payload
函數在您的設置中更新JWT_PAYLOAD_HANDLER
參數。 當您更改密碼時,您的令牌將失效。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.