Issuing JWTs in Django
Installation
pip install djangorestframework-jwt
Configuration
import datetime

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ),
}

JWT_AUTH = {
    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
    'JWT_RESPONSE_PAYLOAD_HANDLER': 'users.utils.jwt_response_payload_handler',  # users is a sub-app
}
Add the jwt_response_payload_handler function
Create it in users/utils.py:
def jwt_response_payload_handler(token, user=None, request=None):
    """
    Customize the data returned after successful JWT authentication.
    """
    return {
        'token': token,
        'user_id': user.id,
        'username': user.username
    }
Routing
from django.conf.urls import url
from rest_framework_jwt.views import obtain_jwt_token

urlpatterns = [
    url(r'^login/$', obtain_jwt_token),
]
Use Postman to simulate a user login and obtain a token.
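Verifying the token
Write a view that returns the user's information; it only succeeds when the request carries a token.
Write the URL
from django.conf.urls import url
from . import views  # assumes the view lives in this app's views.py

urlpatterns = [
    url(r'^user/$', views.UserView.as_view()),
]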
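Write a simple serializer
from django.contrib.auth import get_user_model
from rest_framework import serializers

User = get_user_model()  # the project's active user model (the page does not show this import)

class UserDetailSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ('id', 'username', 'email')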
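Write the view
from rest_framework.generics import RetrieveAPIView
from rest_framework.permissions import IsAuthenticated

class UserView(RetrieveAPIView):
    """
    Test JWT authentication.
    """
    serializer_class = UserDetailSerializer
    permission_classes = [IsAuthenticated]  # only authenticated (logged-in) users can access

    def get_object(self):
        return self.request.user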
Simulate the request with Postman
Add an Authorization entry to the request headers:
key:Authorization
value:JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjozLCJ1c2VybmFtZSI6ImR4ZCIsImV4cCI6MTU2OTQ4OTgyNSwiZW1haWwiOiJ4ZGRvbmdAYWJsZXdheS5jb20uY24ifQ.xqlufuKE6TMUjDYg87jOZZCmYzbSkptS225RTIUWrxs
Note that in the value there is a space between JWT and the token.
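
What the server has to check when that Authorization header arrives, as an added example that is not code from the original post or from djangorestframework-jwt: a simplified standard-library stand-in for HS256 verification. SECRET, the claim values and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value, for this example only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign(payload: dict, secret: bytes = SECRET) -> str:
    """Build an HS256 token: base64url(header).base64url(payload).base64url(HMAC)."""
    head = b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url(json.dumps(payload).encode())
    return f"{head}.{body}." + b64url(mac(f"{head}.{body}", secret))

def peek(token: str) -> dict:
    """Read the claims WITHOUT the key: the payload is encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))

def authenticate(header_value: str, secret: bytes = SECRET, now=None) -> dict:
    """Return the claims for a valid 'JWT <token>' header, else raise ValueError."""
    parts = header_value.split()
    if len(parts) != 2 or parts[0] != "JWT":
        raise ValueError("header must be 'JWT <token>'")
    try:
        head, body, sig = parts[1].split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # pin the algorithm server-side
    if not hmac.compare_digest(mac(f"{head}.{body}", secret), given):
        raise ValueError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or missing exp")
    return claims

if __name__ == "__main__":
    token = sign({"user_id": 3, "username": "demo", "exp": int(time.time()) + 86400})
    print(peek(token))                   # claims are readable by anyone holding the token
    print(authenticate("JWT " + token))  # accepted: prefix, space, valid MAC, not expired
```

Because `peek` needs no key, nothing sensitive belongs in the payload returned by the login view or stored in the token's claims.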