Skip to content

Latest commit

 

History

History
53 lines (36 loc) · 1.76 KB

README.md

File metadata and controls

53 lines (36 loc) · 1.76 KB

Django Auth Protection

Django Auth Protection This package logout users from the system by changing the password in REST API.


Why Django Auth Protection?

Simple JWT provides a JSON Web Token authentication backend for the Django REST Framework. It aims to cover the most common use cases of JWTs by offering a conservative set of default features. It also aims to be easily extensible in case a desired feature is not present. But one of the problems is that when the users change the password, they can continue to work on the system with the previous token until it expires. This package overrides the Simple JWT to solve this problem.


How to use it


  • Download and install latest version of Django Auth Protection:
$ pip install django-auth-protection
# or
$ easy_install django-auth-protection

Then you have to create a custom TokenObtainPairView class and change the serializer_class to ProtectTokenObtainPairSerializer (follow the sample):

  • Make a custom TokenObtainPairView and change the serializer_class:
from auth_protection.serializers import ProtectTokenObtainPairSerializer


class CustomTokenObtainPairView(TokenObtainPairView):

    serializer_class = ProtectTokenObtainPairSerializer
  • Change All authentication_classes on your views and replace it with JWTAuthProtection:
from auth_protection.authentications import JWTAuthProtection


class SampleView(TARGET_VIEW):
    authentication_classes = [JWTAuthProtection]
  • Change your TokenRefreshView view to ProtectTokenRefreshView (EX: urls.py):
from auth_protection.views import ProtectTokenRefreshView

urlpatterns = [
    # ...
    path('YOUR_PATH/refresh/', ProtectTokenRefreshView.as_view(), name='URL_NAME'),
    # ...
]