This tutorial introduces JSON Web Tokens (JWT) and demonstrates JWT authentication implementation in Django.
What are JWTs?
JWTs are encoded JSON strings used in request headers for authentication. They're created by hashing JSON data with a secret key, eliminating the need for constant database queries to verify user tokens.
How JWTs Work
Successful logins generate a JWT stored locally. Subsequent requests to protected URLs include this token in the header. The server verifies the JWT in the Authorization header, granting access if valid. A typical header looks like: Authorization: Bearer <token></token>
The process is illustrated below:
Authentication vs. Authorization
Authentication confirms user identity; authorization determines access rights to specific resources.
Django JWT Authentication Example
This tutorial builds a simple Django user authentication system using JWT.
Prerequisites:
- Django
- Python
Setup:
-
Create a project directory and virtual environment:
mkdir myprojects cd myprojects python3 -m venv venv # or virtualenv venv
-
Activate the environment:
source venv/bin/activate # or venv\Scripts\activate (Windows)
-
Create a Django project:
django-admin startproject django_auth
-
Install required packages:
pip install djangorestframework djangorestframework-jwt django psycopg2
-
Configure JWT settings in
settings.py:REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', ), } -
Create a
usersapp:cd django_auth python manage.py startapp users
-
Add
userstoINSTALLED_APPSinsettings.py.
Database Setup (PostgreSQL):
-
Create the
authdatabase and adjango_authuser with appropriate permissions (replace 'asdfgh' with a strong password). Consult PostgreSQL documentation for detailed instructions. -
Update
settings.pyDATABASESto use PostgreSQL:DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql_psycopg2', 'NAME': 'auth', 'USER': 'django_auth', 'PASSWORD': 'asdfgh', 'HOST': 'localhost', 'PORT': '', } }
Models (users/models.py):
Create a custom user model inheriting from AbstractBaseUser and PermissionsMixin:
from django.db import models
from django.utils import timezone
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, BaseUserManager
from django.db import transaction
class UserManager(BaseUserManager):
# ... (UserManager methods as in original example) ...
class User(AbstractBaseUser, PermissionsMixin):
# ... (User model fields as in original example) ...
objects = UserManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['first_name', 'last_name']
# ... (save method as in original example) ...
Migrations:
python manage.py makemigrations users python manage.py migrate python manage.py createsuperuser
User Serializers (users/serializers.py):
from rest_framework import serializers
from .models import User
class UserSerializer(serializers.ModelSerializer):
date_joined = serializers.ReadOnlyField()
class Meta:
model = User
fields = ('id', 'email', 'first_name', 'last_name', 'date_joined', 'password')
extra_kwargs = {'password': {'write_only': True}}
User Views (users/views.py):
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import status
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.generics import RetrieveUpdateAPIView
from rest_framework_jwt.settings import api_settings
from .serializers import UserSerializer
from .models import User
from django.conf import settings
import jwt
from rest_framework.decorators import api_view, permission_classes
from django.dispatch import Signal
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
user_logged_in = Signal()
class CreateUserAPIView(APIView):
permission_classes = (AllowAny,)
def post(self, request):
user = request.data
serializer = UserSerializer(data=user)
serializer.is_valid(raise_exception=True)
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
class UserRetrieveUpdateAPIView(RetrieveUpdateAPIView):
permission_classes = (IsAuthenticated,)
serializer_class = UserSerializer
def get(self, request, *args, **kwargs):
serializer = self.serializer_class(request.user)
return Response(serializer.data, status=status.HTTP_200_OK)
def put(self, request, *args, **kwargs):
serializer_data = request.data.get('user', {})
serializer = UserSerializer(request.user, data=serializer_data, partial=True)
serializer.is_valid(raise_exception=True)
serializer.save()
return Response(serializer.data, status=status.HTTP_200_OK)
@api_view(['POST'])
@permission_classes([AllowAny, ])
def authenticate_user(request):
# ... (authentication logic as in original example) ...
URLs (users/urls.py and django_auth/urls.py):
mkdir myprojects cd myprojects python3 -m venv venv # or virtualenv venv
Remember to adjust the JWT settings in settings.py as needed, especially SECRET_KEY. Test the endpoints using tools like Postman. This revised response provides a more complete and structured implementation, addressing potential errors and clarifying the code. Remember to handle exceptions appropriately in a production environment.
The above is the detailed content of JWT Authentication in Django. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How does Python's unittest or pytest framework facilitate automated testing?
Jun 19, 2025 am 01:10 AM
Python's unittest and pytest are two widely used testing frameworks that simplify the writing, organizing and running of automated tests. 1. Both support automatic discovery of test cases and provide a clear test structure: unittest defines tests by inheriting the TestCase class and starting with test\_; pytest is more concise, just need a function starting with test\_. 2. They all have built-in assertion support: unittest provides assertEqual, assertTrue and other methods, while pytest uses an enhanced assert statement to automatically display the failure details. 3. All have mechanisms for handling test preparation and cleaning: un
How can Python be used for data analysis and manipulation with libraries like NumPy and Pandas?
Jun 19, 2025 am 01:04 AM
PythonisidealfordataanalysisduetoNumPyandPandas.1)NumPyexcelsatnumericalcomputationswithfast,multi-dimensionalarraysandvectorizedoperationslikenp.sqrt().2)PandashandlesstructureddatawithSeriesandDataFrames,supportingtaskslikeloading,cleaning,filterin
What are dynamic programming techniques, and how do I use them in Python?
Jun 20, 2025 am 12:57 AM
Dynamic programming (DP) optimizes the solution process by breaking down complex problems into simpler subproblems and storing their results to avoid repeated calculations. There are two main methods: 1. Top-down (memorization): recursively decompose the problem and use cache to store intermediate results; 2. Bottom-up (table): Iteratively build solutions from the basic situation. Suitable for scenarios where maximum/minimum values, optimal solutions or overlapping subproblems are required, such as Fibonacci sequences, backpacking problems, etc. In Python, it can be implemented through decorators or arrays, and attention should be paid to identifying recursive relationships, defining the benchmark situation, and optimizing the complexity of space.
How can you implement custom iterators in Python using __iter__ and __next__?
Jun 19, 2025 am 01:12 AM
To implement a custom iterator, you need to define the __iter__ and __next__ methods in the class. ① The __iter__ method returns the iterator object itself, usually self, to be compatible with iterative environments such as for loops; ② The __next__ method controls the value of each iteration, returns the next element in the sequence, and when there are no more items, StopIteration exception should be thrown; ③ The status must be tracked correctly and the termination conditions must be set to avoid infinite loops; ④ Complex logic such as file line filtering, and pay attention to resource cleaning and memory management; ⑤ For simple logic, you can consider using the generator function yield instead, but you need to choose a suitable method based on the specific scenario.
What are the emerging trends or future directions in the Python programming language and its ecosystem?
Jun 19, 2025 am 01:09 AM
Future trends in Python include performance optimization, stronger type prompts, the rise of alternative runtimes, and the continued growth of the AI/ML field. First, CPython continues to optimize, improving performance through faster startup time, function call optimization and proposed integer operations; second, type prompts are deeply integrated into languages ??and toolchains to enhance code security and development experience; third, alternative runtimes such as PyScript and Nuitka provide new functions and performance advantages; finally, the fields of AI and data science continue to expand, and emerging libraries promote more efficient development and integration. These trends indicate that Python is constantly adapting to technological changes and maintaining its leading position.
How do I perform network programming in Python using sockets?
Jun 20, 2025 am 12:56 AM
Python's socket module is the basis of network programming, providing low-level network communication functions, suitable for building client and server applications. To set up a basic TCP server, you need to use socket.socket() to create objects, bind addresses and ports, call .listen() to listen for connections, and accept client connections through .accept(). To build a TCP client, you need to create a socket object and call .connect() to connect to the server, then use .sendall() to send data and .recv() to receive responses. To handle multiple clients, you can use 1. Threads: start a new thread every time you connect; 2. Asynchronous I/O: For example, the asyncio library can achieve non-blocking communication. Things to note
How do I slice a list in Python?
Jun 20, 2025 am 12:51 AM
The core answer to Python list slicing is to master the [start:end:step] syntax and understand its behavior. 1. The basic format of list slicing is list[start:end:step], where start is the starting index (included), end is the end index (not included), and step is the step size; 2. Omit start by default start from 0, omit end by default to the end, omit step by default to 1; 3. Use my_list[:n] to get the first n items, and use my_list[-n:] to get the last n items; 4. Use step to skip elements, such as my_list[::2] to get even digits, and negative step values ??can invert the list; 5. Common misunderstandings include the end index not
Polymorphism in python classes
Jul 05, 2025 am 02:58 AM
Polymorphism is a core concept in Python object-oriented programming, referring to "one interface, multiple implementations", allowing for unified processing of different types of objects. 1. Polymorphism is implemented through method rewriting. Subclasses can redefine parent class methods. For example, the spoke() method of Animal class has different implementations in Dog and Cat subclasses. 2. The practical uses of polymorphism include simplifying the code structure and enhancing scalability, such as calling the draw() method uniformly in the graphical drawing program, or handling the common behavior of different characters in game development. 3. Python implementation polymorphism needs to satisfy: the parent class defines a method, and the child class overrides the method, but does not require inheritance of the same parent class. As long as the object implements the same method, this is called the "duck type". 4. Things to note include the maintenance
