Django Token based authentication using PyJWT, issue with verification of token
I am implementing token-based authentication in Python Django, so I am following the token-based authentication steps described below:
In token-based authentication, cookies and sessions will not be used. A token will be used for authenticating a user for each request to the server. Let's redesign the first scenario with token-based authentication.
It will use the following flow of control:
- The user provides a username and password in the login form and clicks Log In.
- After a request is made, validate the user on the backend by querying in the database. If the request is valid, create a token by using the user information fetched from the database, and then return that information in the response header so that we can store the token browser in local storage.
- Provide token information in every request header for accessing restricted endpoints in the application.
- If the token fetched from the request header information is valid, let the user access the specified end point, and respond with JSON or XML.
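I have completed the first 2 steps listed above. I need to proceed with steps 3 and 4. So I am writing a Django decorator to do the job for us.
However, I am a bit stuck after the authentication step.
Here is the AngularJS code that sends teacher_id and token to the server: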
get_teacher_profile : function(teacher_id, token) {
    $http.defaults.headers.common['Authorization'] = 'Token ' + token;
    return $http.get("http://127.0.0.1:8000/user_manager/teacher/" + teacher_id + '/' + token)
        .then(function(response) {
            if (typeof response.data === 'object') {
                return response.data;
            } else { return "Error"; }
        }, function(error) {
            return null;
        });
},
Following Django REST framework, here is the router specified in urls.py:
router.register(r'teacher', view.TeacherViewSet)
...and here is the TeacherViewSet class:
class TeacherViewSet(viewsets.ModelViewSet):
    queryset = Teacher.objects.all()
    serializer_class = Teacher_Serializer
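Now I need to validate the token in TeacherViewSet. I tried a few decorators, but I cannot access the token that I set in the header from within TeacherViewSet. I am using PyJWT for token-based authentication. If anyone has run into this before, please let me know.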
Please take a look at:
http://getblimp.github.io/django-rest-framework-jwt/#rest-framework-jwt-auth
This will handle JWT support for you when working with django-rest-framework.
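As an added example (not part of the original question or answer, and not django-rest-framework-jwt's code), this is what steps 3 and 4 of the flow amount to on the server: parse the `Token <jwt>` Authorization header and verify an HS256 token, written with the standard library only so it runs stand-alone. The names `claims_from_header`, `sign_hs256`, `AuthError` and the sample key are assumptions; in the Django project, PyJWT's `jwt.decode` called with an explicit `algorithms` list covers the signature, algorithm and expiry checks.

```python
import base64, hashlib, hmac, json, time

class AuthError(Exception):
    """Raised when the Authorization header does not carry a valid token."""

def _b64d(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key):
    """Mint a token (login step); used here to build constructed samples."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def claims_from_header(header_value, key, now=None):
    """Validate 'Token <jwt>' as sent by the AngularJS client; return claims.

    In a Django view the value comes from request.META.get("HTTP_AUTHORIZATION").
    """
    scheme, _, token = (header_value or "").partition(" ")
    if scheme != "Token" or token.count(".") != 2:
        raise AuthError("missing or malformed Authorization header")
    head, body, sig = token.split(".")
    try:
        alg = json.loads(_b64d(head)).get("alg")
        given = _b64d(sig)
    except (ValueError, AttributeError):
        raise AuthError("undecodable token")
    # Pin the algorithm on the server; never trust the token's own 'alg'.
    if alg != "HS256":
        raise AuthError("unexpected algorithm")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise AuthError("bad signature")
    claims = json.loads(_b64d(body))  # safe to parse: signature already verified
    # A token without 'exp' is treated as expired rather than valid forever.
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise AuthError("token expired")
    return claims
```

In Django REST framework this check belongs in an authentication class listed in the view's `authentication_classes`, so the ViewSet itself never has to read the header.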