如何在 django-graphql-jwt 中配置 JWT 令牌以获取令牌中的 userId 而不仅仅是用户名?
How to configure the JWT token in django-graphql-jwt to obtain the userId in the token instead of just the username?
TLDR - 但默认情况下从后端发送的 JWT 令牌仅包含用户名。我想要 userId,因为 well.This 是它当前包含的内容:-
HEADER:ALGORITHM & TOKEN TYPE
{
"typ": "JWT",
"alg": "HS256"
}
PAYLOAD:DATA
{
"username": "admin", <---- I have the username already. Need the userId as well!
"exp": 1621845856,
"origIat": 1621845556
}
VERIFY SIGNATURE
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
your-256-bit-secret
) secret base64 encoded
我有一个 Django GraphQL API(使用 Graphene、django-graphql-auth、django-graphql-jwt)和一个 Angular 前端。我有完整的身份验证设置。现在我面临的问题是我将令牌存储在本地存储中,因此当用户再次打开浏览器时,我想验证该令牌并仅使用其中的信息来获取用户的 ID 然后使用它userId 来获取他们的用户个人资料信息,这是完成登录过程的必要步骤。
我不确定如何自定义负载以包含 userId。这样当用户在关闭后打开浏览器时,我可以简单地使用令牌中的信息来完全登录。我对 Python 和 Django 都很陌生。我无法在网上的任何地方找到详细的过程,也许我没有在寻找正确的东西或在正确的地方。详细说明会很有帮助。
以下是对 here.
找到的解决方案的更彻底再现
我们基本上需要覆盖作为 graphql_jwt 包的一部分的 jwt_payload 方法。
将此添加到项目的 settings.py
GRAPHQL_JWT = {
'JWT_PAYLOAD_HANDLER': 'common.utils.jwt_payload',
}
在 common 文件夹中创建以下文件,该文件夹位于 manage.py 文件所在的同一目录中。
在内部,创建以下两个文件:-
这是我们在 sub 属性中添加 user_id 的地方。
utils.py
from calendar import timegm
from datetime import datetime
from .settings import jwt_settings
def jwt_payload(user, context=None):
username = user.get_username()
user_id = str(user.id)
if hasattr(username, 'pk'):
username = username.pk
payload = {
user.USERNAME_FIELD: username,
'sub': user_id,
'exp': datetime.utcnow() + jwt_settings.JWT_EXPIRATION_DELTA,
}
if jwt_settings.JWT_ALLOW_REFRESH:
payload['origIat'] = timegm(datetime.utcnow().utctimetuple())
if jwt_settings.JWT_AUDIENCE is not None:
payload['aud'] = jwt_settings.JWT_AUDIENCE
if jwt_settings.JWT_ISSUER is not None:
payload['iss'] = jwt_settings.JWT_ISSUER
return payload
common 文件夹中的这个 settings.py 文件只是一个依赖项。对于 utils.py.
settings.py
from datetime import timedelta
from importlib import import_module
from django.conf import settings
from django.contrib.auth import get_user_model
from django.test.signals import setting_changed
DEFAULTS = {
'JWT_ALGORITHM': 'HS256',
'JWT_AUDIENCE': None,
'JWT_ISSUER': None,
'JWT_LEEWAY': 0,
'JWT_SECRET_KEY': settings.SECRET_KEY,
'JWT_VERIFY': True,
'JWT_VERIFY_EXPIRATION': False,
'JWT_EXPIRATION_DELTA': timedelta(seconds=60 * 5),
'JWT_ALLOW_REFRESH': True,
'JWT_REFRESH_EXPIRATION_DELTA': timedelta(days=7),
'JWT_LONG_RUNNING_REFRESH_TOKEN': False,
'JWT_REFRESH_TOKEN_MODEL': 'refresh_token.RefreshToken',
'JWT_REFRESH_TOKEN_N_BYTES': 20,
'JWT_AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
'JWT_AUTH_HEADER_PREFIX': 'JWT',
'JWT_ALLOW_ARGUMENT': False,
'JWT_ARGUMENT_NAME': 'token',
'JWT_ENCODE_HANDLER': 'graphql_jwt.utils.jwt_encode',
'JWT_DECODE_HANDLER': 'graphql_jwt.utils.jwt_decode',
'JWT_PAYLOAD_HANDLER': 'graphql_jwt.utils.jwt_payload',
'JWT_PAYLOAD_GET_USERNAME_HANDLER': (
lambda payload: payload.get(get_user_model().USERNAME_FIELD)
),
'JWT_GET_USER_BY_NATURAL_KEY_HANDLER':
'graphql_jwt.utils.get_user_by_natural_key',
'JWT_REFRESH_EXPIRED_HANDLER': 'graphql_jwt.utils.refresh_has_expired',
'JWT_GET_REFRESH_TOKEN_HANDLER':
'graphql_jwt.refresh_token.utils.get_refresh_token_by_model',
'JWT_ALLOW_ANY_HANDLER': 'graphql_jwt.middleware.allow_any',
'JWT_ALLOW_ANY_CLASSES': (),
'JWT_COOKIE_NAME': 'JWT',
'JWT_REFRESH_TOKEN_COOKIE_NAME': 'JWT-refresh-token',
'JWT_COOKIE_SECURE': False,
}
IMPORT_STRINGS = (
'JWT_ENCODE_HANDLER',
'JWT_DECODE_HANDLER',
'JWT_PAYLOAD_HANDLER',
'JWT_PAYLOAD_GET_USERNAME_HANDLER',
'JWT_GET_USER_BY_NATURAL_KEY_HANDLER',
'JWT_REFRESH_EXPIRED_HANDLER',
'JWT_GET_REFRESH_TOKEN_HANDLER',
'JWT_ALLOW_ANY_HANDLER',
'JWT_ALLOW_ANY_CLASSES',
)
def perform_import(value, setting_name):
if isinstance(value, str):
return import_from_string(value, setting_name)
if isinstance(value, (list, tuple)):
return [import_from_string(item, setting_name) for item in value]
return value
def import_from_string(value, setting_name):
try:
module_path, class_name = value.rsplit('.', 1)
module = import_module(module_path)
return getattr(module, class_name)
except (ImportError, AttributeError) as e:
msg = 'Could not import `{}` for JWT setting `{}`. {}: {}.'.format(
value, setting_name, e.__class__.__name__, e,
)
raise ImportError(msg)
class JWTSettings:
def __init__(self, defaults, import_strings):
self.defaults = defaults
self.import_strings = import_strings
self._cached_attrs = set()
def __getattr__(self, attr):
if attr not in self.defaults:
raise AttributeError('Invalid setting: `{}`'.format(attr))
value = self.user_settings.get(attr, self.defaults[attr])
if attr == 'JWT_ALLOW_ANY_CLASSES':
value = list(value) + [
'graphql_jwt.mixins.JSONWebTokenMixin',
'graphql_jwt.mixins.VerifyMixin',
'graphql_jwt.refresh_token.mixins.RevokeMixin',
]
if attr in self.import_strings:
value = perform_import(value, attr)
self._cached_attrs.add(attr)
setattr(self, attr, value)
return value
@property
def user_settings(self):
if not hasattr(self, '_user_settings'):
self._user_settings = getattr(settings, 'GRAPHQL_JWT', {})
return self._user_settings
def reload(self):
for attr in self._cached_attrs:
delattr(self, attr)
self._cached_attrs.clear()
if hasattr(self, '_user_settings'):
delattr(self, '_user_settings')
def reload_settings(*args, **kwargs):
setting = kwargs['setting']
if setting == 'GRAPHQL_JWT':
jwt_settings.reload()
setting_changed.connect(reload_settings)
jwt_settings = JWTSettings(DEFAULTS, IMPORT_STRINGS)
TLDR - 但默认情况下从后端发送的 JWT 令牌仅包含用户名。我想要 userId,因为 well.This 是它当前包含的内容:-
HEADER:ALGORITHM & TOKEN TYPE
{
"typ": "JWT",
"alg": "HS256"
}
PAYLOAD:DATA
{
"username": "admin", <---- I have the username already. Need the userId as well!
"exp": 1621845856,
"origIat": 1621845556
}
VERIFY SIGNATURE
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
your-256-bit-secret
) secret base64 encoded
我有一个 Django GraphQL API(使用 Graphene、django-graphql-auth、django-graphql-jwt)和一个 Angular 前端。我有完整的身份验证设置。现在我面临的问题是我将令牌存储在本地存储中,因此当用户再次打开浏览器时,我想验证该令牌并仅使用其中的信息来获取用户的 ID 然后使用它userId 来获取他们的用户个人资料信息,这是完成登录过程的必要步骤。
我不确定如何自定义负载以包含 userId。这样当用户在关闭后打开浏览器时,我可以简单地使用令牌中的信息来完全登录。我对 Python 和 Django 都很陌生。我无法在网上的任何地方找到详细的过程,也许我没有在寻找正确的东西或在正确的地方。详细说明会很有帮助。
以下是对 here.
找到的解决方案的更彻底再现我们基本上需要覆盖作为 graphql_jwt 包的一部分的 jwt_payload 方法。
将此添加到项目的 settings.py
GRAPHQL_JWT = {
'JWT_PAYLOAD_HANDLER': 'common.utils.jwt_payload',
}
在 common 文件夹中创建以下文件,该文件夹位于 manage.py 文件所在的同一目录中。
在内部,创建以下两个文件:-
这是我们在 sub 属性中添加 user_id 的地方。
utils.py
from calendar import timegm
from datetime import datetime
from .settings import jwt_settings
def jwt_payload(user, context=None):
username = user.get_username()
user_id = str(user.id)
if hasattr(username, 'pk'):
username = username.pk
payload = {
user.USERNAME_FIELD: username,
'sub': user_id,
'exp': datetime.utcnow() + jwt_settings.JWT_EXPIRATION_DELTA,
}
if jwt_settings.JWT_ALLOW_REFRESH:
payload['origIat'] = timegm(datetime.utcnow().utctimetuple())
if jwt_settings.JWT_AUDIENCE is not None:
payload['aud'] = jwt_settings.JWT_AUDIENCE
if jwt_settings.JWT_ISSUER is not None:
payload['iss'] = jwt_settings.JWT_ISSUER
return payload
common 文件夹中的这个 settings.py 文件只是一个依赖项。对于 utils.py.
settings.py
from datetime import timedelta
from importlib import import_module
from django.conf import settings
from django.contrib.auth import get_user_model
from django.test.signals import setting_changed
DEFAULTS = {
'JWT_ALGORITHM': 'HS256',
'JWT_AUDIENCE': None,
'JWT_ISSUER': None,
'JWT_LEEWAY': 0,
'JWT_SECRET_KEY': settings.SECRET_KEY,
'JWT_VERIFY': True,
'JWT_VERIFY_EXPIRATION': False,
'JWT_EXPIRATION_DELTA': timedelta(seconds=60 * 5),
'JWT_ALLOW_REFRESH': True,
'JWT_REFRESH_EXPIRATION_DELTA': timedelta(days=7),
'JWT_LONG_RUNNING_REFRESH_TOKEN': False,
'JWT_REFRESH_TOKEN_MODEL': 'refresh_token.RefreshToken',
'JWT_REFRESH_TOKEN_N_BYTES': 20,
'JWT_AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
'JWT_AUTH_HEADER_PREFIX': 'JWT',
'JWT_ALLOW_ARGUMENT': False,
'JWT_ARGUMENT_NAME': 'token',
'JWT_ENCODE_HANDLER': 'graphql_jwt.utils.jwt_encode',
'JWT_DECODE_HANDLER': 'graphql_jwt.utils.jwt_decode',
'JWT_PAYLOAD_HANDLER': 'graphql_jwt.utils.jwt_payload',
'JWT_PAYLOAD_GET_USERNAME_HANDLER': (
lambda payload: payload.get(get_user_model().USERNAME_FIELD)
),
'JWT_GET_USER_BY_NATURAL_KEY_HANDLER':
'graphql_jwt.utils.get_user_by_natural_key',
'JWT_REFRESH_EXPIRED_HANDLER': 'graphql_jwt.utils.refresh_has_expired',
'JWT_GET_REFRESH_TOKEN_HANDLER':
'graphql_jwt.refresh_token.utils.get_refresh_token_by_model',
'JWT_ALLOW_ANY_HANDLER': 'graphql_jwt.middleware.allow_any',
'JWT_ALLOW_ANY_CLASSES': (),
'JWT_COOKIE_NAME': 'JWT',
'JWT_REFRESH_TOKEN_COOKIE_NAME': 'JWT-refresh-token',
'JWT_COOKIE_SECURE': False,
}
IMPORT_STRINGS = (
'JWT_ENCODE_HANDLER',
'JWT_DECODE_HANDLER',
'JWT_PAYLOAD_HANDLER',
'JWT_PAYLOAD_GET_USERNAME_HANDLER',
'JWT_GET_USER_BY_NATURAL_KEY_HANDLER',
'JWT_REFRESH_EXPIRED_HANDLER',
'JWT_GET_REFRESH_TOKEN_HANDLER',
'JWT_ALLOW_ANY_HANDLER',
'JWT_ALLOW_ANY_CLASSES',
)
def perform_import(value, setting_name):
if isinstance(value, str):
return import_from_string(value, setting_name)
if isinstance(value, (list, tuple)):
return [import_from_string(item, setting_name) for item in value]
return value
def import_from_string(value, setting_name):
try:
module_path, class_name = value.rsplit('.', 1)
module = import_module(module_path)
return getattr(module, class_name)
except (ImportError, AttributeError) as e:
msg = 'Could not import `{}` for JWT setting `{}`. {}: {}.'.format(
value, setting_name, e.__class__.__name__, e,
)
raise ImportError(msg)
class JWTSettings:
def __init__(self, defaults, import_strings):
self.defaults = defaults
self.import_strings = import_strings
self._cached_attrs = set()
def __getattr__(self, attr):
if attr not in self.defaults:
raise AttributeError('Invalid setting: `{}`'.format(attr))
value = self.user_settings.get(attr, self.defaults[attr])
if attr == 'JWT_ALLOW_ANY_CLASSES':
value = list(value) + [
'graphql_jwt.mixins.JSONWebTokenMixin',
'graphql_jwt.mixins.VerifyMixin',
'graphql_jwt.refresh_token.mixins.RevokeMixin',
]
if attr in self.import_strings:
value = perform_import(value, attr)
self._cached_attrs.add(attr)
setattr(self, attr, value)
return value
@property
def user_settings(self):
if not hasattr(self, '_user_settings'):
self._user_settings = getattr(settings, 'GRAPHQL_JWT', {})
return self._user_settings
def reload(self):
for attr in self._cached_attrs:
delattr(self, attr)
self._cached_attrs.clear()
if hasattr(self, '_user_settings'):
delattr(self, '_user_settings')
def reload_settings(*args, **kwargs):
setting = kwargs['setting']
if setting == 'GRAPHQL_JWT':
jwt_settings.reload()
setting_changed.connect(reload_settings)
jwt_settings = JWTSettings(DEFAULTS, IMPORT_STRINGS)