Comments (5)
Hi Nicholas,
Thanks for feedback! I'll have to look into this and clarify what the relevant RFCs have to say about it. Also, do you have a link to something that makes it more clear what the issue is with Swagger? Either way, you could probably get away with subclassing `rest_framework_simplejwt.authentication.JWTAuthentication` and overriding the `get_raw_token` method to get what you need. You'd then just list that class in `settings.py` instead of the default authentication backend class. Just make sure you take a moment to consider if there are any security implications in doing that (I can't think of any off the top of my head).
from djangorestframework-simplejwt.
Here's a related PR for swagger, but basically, swagger doesn't support adding `Bearer` or `Token` to the `Authentication` header via the UI right now. marcgibbons/django-rest-swagger#662
I think you're right on checking the RFCs. I'm now realizing the JWT implementation I saw that did not include a `Bearer` or `Token` prefix was a custom job, so it may be incorrect to simply omit a prefix. But given that this package allows you to basically set a custom one, I wonder if the spec has anything to say about not having one.
I'll give your overriding option a try. Thanks!
from djangorestframework-simplejwt.
@nicholasserra Did you ever happen to find out if a blank auth header type is kosher? I haven't had the time to look into this. Also, did my suggestion ever work out for you?
from djangorestframework-simplejwt.
So for a bit I was basically just typing `Bearer example-token` into the Swagger authorize box, as this was the workaround:
But I just tried out your recommendation finally, and it works well. So as the code sits, you cannot add `None` to `AUTH_HEADER_TYPES`, but you can add an empty string.
So my setting is `'AUTH_HEADER_TYPES': ('Bearer', '',),` and I added these lines to my custom `get_raw_token`:
```python
if b'' in AUTH_HEADER_TYPE_BYTES and len(parts) == 1:
    # Allow blank auth header
    return parts[0]
```
and that now allows me to authenticate via `Bearer` in the header or by omitting a token type entirely.
So this solves my nitpick of having to enter the token type into swagger. As to whether any of this is correct or allowed by the spec? I have no idea ha. I'm gonna close this now, as I don't think there's a valuable fix here that follows any spec. Thank you for the recommendation on this!
from djangorestframework-simplejwt.
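An added example, not code from this thread or from djangorestframework-simplejwt: a stand-alone sketch of Authorization header parsing that accepts a configured type or no type at all, as the comment above describes. The function signature, the `MalformedAuthHeader` name and the sample token are assumptions, and unlike the snippet above it rejects a lone `Bearer` instead of returning it as the token.

```python
from typing import Optional, Sequence


class MalformedAuthHeader(Exception):
    """Hypothetical stand-in for the framework's authentication-failure error."""


def get_raw_token(header: bytes,
                  header_types: Sequence[str] = ("Bearer", "")) -> Optional[bytes]:
    """Return the raw token from an Authorization header value.

    None means "this header is not for this backend", so another
    authentication class may still handle the request.
    """
    allowed = {t.encode("iso-8859-1") for t in header_types}
    parts = header.split()

    if not parts:
        return None  # empty header: nothing to authenticate

    if len(parts) == 1:
        if parts[0] in allowed:
            # A type such as "Bearer" with no credentials after it.
            raise MalformedAuthHeader("header type given without a token")
        if b"" in allowed:
            # Blank type is configured: the lone value is the token itself.
            return parts[0]
        return None

    if parts[0] not in allowed:
        return None  # some other scheme, e.g. "Token ..." when not configured

    if len(parts) != 2:
        raise MalformedAuthHeader("header must contain exactly two values")

    return parts[1]


if __name__ == "__main__":
    sample = b"abc.def.ghi"  # constructed placeholder, not a real JWT
    print(get_raw_token(b"Bearer " + sample))      # typed header
    print(get_raw_token(sample))                   # blank type allowed
    print(get_raw_token(sample, ("Bearer",)))      # blank type not allowed
```

In a project the same body would sit in the overridden `get_raw_token` of a `JWTAuthentication` subclass, and whatever it returns still has to pass the normal token validation.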
Thanks Nicholas. Glad you got things worked out.
from djangorestframework-simplejwt.