This tutorial introduces JSON Web Tokens (JWT) and demonstrates JWT authentication implementation in Django.
What are JWTs?
JWTs are encoded JSON strings used in request headers for authentication. They're created by hashing JSON data with a secret key, eliminating the need for constant database queries to verify user tokens.
How JWTs Work
Successful logins generate a JWT stored locally. Subsequent requests to protected URLs include this token in the header. The server verifies the JWT in the Authorization header, granting access if valid. A typical header looks like: Authorization: Bearer <token></token>
The process is illustrated below:
Authentication vs. Authorization
Authentication confirms user identity; authorization determines access rights to specific resources.
Django JWT Authentication Example
This tutorial builds a simple Django user authentication system using JWT.
Prerequisites:
- Django
- Python
Setup:
-
Create a project directory and virtual environment:
mkdir myprojects cd myprojects python3 -m venv venv # or virtualenv venv
-
Activate the environment:
source venv/bin/activate # or venv\Scripts\activate (Windows)
-
Create a Django project:
django-admin startproject django_auth
-
Install required packages:
pip install djangorestframework djangorestframework-jwt django psycopg2
-
Configure JWT settings in
settings.py:REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', ), } -
Create a
usersapp:cd django_auth python manage.py startapp users
-
Add
userstoINSTALLED_APPSinsettings.py.
Database Setup (PostgreSQL):
-
Create the
authdatabase and adjango_authuser with appropriate permissions (replace 'asdfgh' with a strong password). Consult PostgreSQL documentation for detailed instructions. -
Update
settings.pyDATABASESto use PostgreSQL:DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql_psycopg2', 'NAME': 'auth', 'USER': 'django_auth', 'PASSWORD': 'asdfgh', 'HOST': 'localhost', 'PORT': '', } }
Models (users/models.py):
Create a custom user model inheriting from AbstractBaseUser and PermissionsMixin:
from django.db import models
from django.utils import timezone
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, BaseUserManager
from django.db import transaction
class UserManager(BaseUserManager):
# ... (UserManager methods as in original example) ...
class User(AbstractBaseUser, PermissionsMixin):
# ... (User model fields as in original example) ...
objects = UserManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['first_name', 'last_name']
# ... (save method as in original example) ...
Migrations:
python manage.py makemigrations users python manage.py migrate python manage.py createsuperuser
User Serializers (users/serializers.py):
from rest_framework import serializers
from .models import User
class UserSerializer(serializers.ModelSerializer):
date_joined = serializers.ReadOnlyField()
class Meta:
model = User
fields = ('id', 'email', 'first_name', 'last_name', 'date_joined', 'password')
extra_kwargs = {'password': {'write_only': True}}
User Views (users/views.py):
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import status
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.generics import RetrieveUpdateAPIView
from rest_framework_jwt.settings import api_settings
from .serializers import UserSerializer
from .models import User
from django.conf import settings
import jwt
from rest_framework.decorators import api_view, permission_classes
from django.dispatch import Signal
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
user_logged_in = Signal()
class CreateUserAPIView(APIView):
permission_classes = (AllowAny,)
def post(self, request):
user = request.data
serializer = UserSerializer(data=user)
serializer.is_valid(raise_exception=True)
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
class UserRetrieveUpdateAPIView(RetrieveUpdateAPIView):
permission_classes = (IsAuthenticated,)
serializer_class = UserSerializer
def get(self, request, *args, **kwargs):
serializer = self.serializer_class(request.user)
return Response(serializer.data, status=status.HTTP_200_OK)
def put(self, request, *args, **kwargs):
serializer_data = request.data.get('user', {})
serializer = UserSerializer(request.user, data=serializer_data, partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
return Response(serializer.data, status=status.HTTP_200_OK)
@api_view(['POST'])
@permission_classes([AllowAny, ])
def authenticate_user(request):
# ... (authentication logic as in original example) ...
URLs (users/urls.py and django_auth/urls.py):
mkdir myprojects cd myprojects python3 -m venv venv # or virtualenv venv
Remember to adjust the JWT settings in settings.py as needed, especially SECRET_KEY. Test the endpoints using tools like Postman. This revised response provides a more complete and structured implementation, addressing potential errors and clarifying the code. Remember to handle exceptions appropriately in a production environment.
The above is the detailed content of JWT Authentication in Django. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Polymorphism in python classes
Jul 05, 2025 am 02:58 AM
Polymorphism is a core concept in Python object-oriented programming, referring to "one interface, multiple implementations", allowing for unified processing of different types of objects. 1. Polymorphism is implemented through method rewriting. Subclasses can redefine parent class methods. For example, the spoke() method of Animal class has different implementations in Dog and Cat subclasses. 2. The practical uses of polymorphism include simplifying the code structure and enhancing scalability, such as calling the draw() method uniformly in the graphical drawing program, or handling the common behavior of different characters in game development. 3. Python implementation polymorphism needs to satisfy: the parent class defines a method, and the child class overrides the method, but does not require inheritance of the same parent class. As long as the object implements the same method, this is called the "duck type". 4. Things to note include the maintenance
Explain Python generators and iterators.
Jul 05, 2025 am 02:55 AM
Iterators are objects that implement __iter__() and __next__() methods. The generator is a simplified version of iterators, which automatically implement these methods through the yield keyword. 1. The iterator returns an element every time he calls next() and throws a StopIteration exception when there are no more elements. 2. The generator uses function definition to generate data on demand, saving memory and supporting infinite sequences. 3. Use iterators when processing existing sets, use a generator when dynamically generating big data or lazy evaluation, such as loading line by line when reading large files. Note: Iterable objects such as lists are not iterators. They need to be recreated after the iterator reaches its end, and the generator can only traverse it once.
How to handle API authentication in Python
Jul 13, 2025 am 02:22 AM
The key to dealing with API authentication is to understand and use the authentication method correctly. 1. APIKey is the simplest authentication method, usually placed in the request header or URL parameters; 2. BasicAuth uses username and password for Base64 encoding transmission, which is suitable for internal systems; 3. OAuth2 needs to obtain the token first through client_id and client_secret, and then bring the BearerToken in the request header; 4. In order to deal with the token expiration, the token management class can be encapsulated and automatically refreshed the token; in short, selecting the appropriate method according to the document and safely storing the key information is the key.
Explain Python assertions.
Jul 07, 2025 am 12:14 AM
Assert is an assertion tool used in Python for debugging, and throws an AssertionError when the condition is not met. Its syntax is assert condition plus optional error information, which is suitable for internal logic verification such as parameter checking, status confirmation, etc., but cannot be used for security or user input checking, and should be used in conjunction with clear prompt information. It is only available for auxiliary debugging in the development stage rather than substituting exception handling.
How to iterate over two lists at once Python
Jul 09, 2025 am 01:13 AM
A common method to traverse two lists simultaneously in Python is to use the zip() function, which will pair multiple lists in order and be the shortest; if the list length is inconsistent, you can use itertools.zip_longest() to be the longest and fill in the missing values; combined with enumerate(), you can get the index at the same time. 1.zip() is concise and practical, suitable for paired data iteration; 2.zip_longest() can fill in the default value when dealing with inconsistent lengths; 3.enumerate(zip()) can obtain indexes during traversal, meeting the needs of a variety of complex scenarios.
What are Python type hints?
Jul 07, 2025 am 02:55 AM
TypehintsinPythonsolvetheproblemofambiguityandpotentialbugsindynamicallytypedcodebyallowingdeveloperstospecifyexpectedtypes.Theyenhancereadability,enableearlybugdetection,andimprovetoolingsupport.Typehintsareaddedusingacolon(:)forvariablesandparamete
What are python iterators?
Jul 08, 2025 am 02:56 AM
InPython,iteratorsareobjectsthatallowloopingthroughcollectionsbyimplementing__iter__()and__next__().1)Iteratorsworkviatheiteratorprotocol,using__iter__()toreturntheiteratorand__next__()toretrievethenextitemuntilStopIterationisraised.2)Aniterable(like
Python FastAPI tutorial
Jul 12, 2025 am 02:42 AM
To create modern and efficient APIs using Python, FastAPI is recommended; it is based on standard Python type prompts and can automatically generate documents, with excellent performance. After installing FastAPI and ASGI server uvicorn, you can write interface code. By defining routes, writing processing functions, and returning data, APIs can be quickly built. FastAPI supports a variety of HTTP methods and provides automatically generated SwaggerUI and ReDoc documentation systems. URL parameters can be captured through path definition, while query parameters can be implemented by setting default values ??for function parameters. The rational use of Pydantic models can help improve development efficiency and accuracy.
