django-token-manager

Release 1.1.2

A Django Rest Token Authentication system like telegram which will be using JWT as core with extended features.

Homepage PyPI Python

License
Other
Install
pip install django-token-manager==1.1.2

Documentation

django-token-manager

A Django Rest Token-Based Authentication App using JWT with full control on tokens.

Features

  • Before query database, check if token is in correct jwt format.
  • Get list of tokens for each user
  • Delete specific token
  • Delete all active tokens of user except active token
  • Fetch useful info for each token request like os, ip and ...

Why django-token-manager

Reason to use this module is that by default if you are using jwt system for token authorization of client, you don't have control on existing tokens. Of course, you can set an expiry date for each token. But if the expiration date isn't arrived yet, you can't delete this token. What happens if you want to delete all sessions of a user. With jwt you don't have control on it, and you should wait for expiration of token to be arrived.

The purpose of this package, is to give more control on jwt tokens. For this there will be a lookup_id in payload of each jwt token. First token with be validated with jwt algorithms. Then payload lookup_id will be checked on database and if available will give access. And with this solution no need to query on a big string (session string) on database, if the jwt token is valid, will just query on a db_index ed field lookup_id.

Requirements

To use this package following needed. if not provided will be installed automatically.

Django>=2.0
djangorestframework>=3.0
django-rest-captcha>=0.1.0

Installation

Note: This package is well tested on django>=2.0. But if you are using older versions can be used with minor changes in structure.

install using pip:

pip install django-token-manager

Usage

Now register app in your settings.py file.

INSTALLED_APPS = [
    "token_manager",
]

In your settings.py, add JSONWebTokenAuthentication to Django REST framework's DEFAULT_AUTHENTICATION_CLASSES.

REST_FRAMEWORK = {
    #...,
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'token_manager.authentication.JSONWebTokenAuthentication',
        ...
    ),
}

This package uses user-agents package for fetching user agent info like device OS, IP address and ... So you should register below to be able to use it:

MIDDLEWARE = [
    #...,
    'django_user_agents.middleware.UserAgentMiddleware',
]

Remember to apply migration files in database:

python manage.py migrate

working example to get Token for authentication.

curl -X POST -d "username=admin&password=admin" "http://localhost:8000/token/get/"

And to get list of tokens, Send current token via Authorization header to token/manage/ endpoit to get list of tokens.

curl -H "Authorization: JWT eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb29rdXBfaWQiOjUsInVzZXJfaWQiOjEsInVzZXJuYW1lIjoiYWRtaW4iLCJleHAiOjE1OTg1MjY4MjEsImVtYWlsIjoiIn0.l6JyGgAs_hBRejX1BpvA7PjubM2m89lV35PTVUBnV_I" "http://localhost:8000/token/manage/"

Stats

Dependencies
5
Dependent packages
0
Dependent repositories
0
Total releases
5
Latest release
First release
Stars
6
Forks
0
Watchers
1
Contributors
2
Repository size
92.8 KB
SourceRank
8

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.1.2
1.1.1
1.1.0
1.1
1.0

Contributors

Reza Torkaman Ahmadi cpolco


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-14 16:33:50 UTC

Login to resync this project