{ "info": { "author": "Jose Padilla", "author_email": "hello@jpadilla.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Environment :: Web Environment", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 3", "Topic :: Internet :: WWW/HTTP" ], "description": "# Django JWT Auth\n\n[![build-status-image]][travis]\n[![pypi-version]][pypi]\n\n## Overview\nThis package provides [JSON Web Token Authentication](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token) support for Django.\n\nBased on the [Django REST Framework JWT Auth](https://github.com/GetBlimp/django-rest-framework-jwt) package.\n\n## Installation\n\nInstall using `pip`...\n\n```\n$ pip install django-jwt-auth\n```\n\n## Usage\n\nIn your `urls.py` add the following URL route to enable obtaining a token via a POST included the user's username and password.\n\n```python\nurlpatterns = patterns(\n '',\n # ...\n\n url(r'^api-token-auth/', 'jwt_auth.views.obtain_jwt_token'),\n)\n```\n\nYou can easily test if the endpoint is working by doing the following in your terminal, if you had a user created with the username **admin** and password **abc123**.\n\n```bash\n$ curl -X POST -H \"Content-Type: application/json\" -d '{\"username\":\"admin\",\"password\":\"abc123\"}' http://localhost:8000/api-token-auth/\n```\n\nNow in order to access protected api urls you must include the `Authorization: Bearer ` header.\n\n```bash\n$ curl -H \"Authorization: Bearer \" http://localhost:8000/protected-url/\n```\n\n## Additional Settings\nThere are some additional settings that you can override similar to how you'd do it with Django REST framework itself. Here are all the available defaults.\n\n```python\nJWT_ENCODE_HANDLER = 'jwt_auth.utils.jwt_encode_handler'\nJWT_DECODE_HANDLER = 'jwt_auth.utils.jwt_decode_handler',\nJWT_PAYLOAD_HANDLER = 'jwt_auth.utils.jwt_payload_handler'\nJWT_PAYLOAD_GET_USER_ID_HANDLER = 'jwt_auth.utils.jwt_get_user_id_from_payload_handler'\nJWT_SECRET_KEY: SECRET_KEY\nJWT_ALGORITHM = 'HS256'\nJWT_VERIFY = True\nJWT_VERIFY_EXPIRATION = True\nJWT_LEEWAY = 0\nJWT_EXPIRATION_DELTA = datetime.timedelta(seconds=300)\nJWT_ALLOW_REFRESH = False\nJWT_REFRESH_EXPIRATION_DELTA = datetime.timedelta(days=7)\nJWT_AUTH_HEADER_PREFIX = 'Bearer'\n```\nThis packages uses the JSON Web Token Python implementation, [PyJWT](https://github.com/progrium/pyjwt) and allows to modify some of it's available options.\n\n### JWT_SECRET_KEY\nThis is the secret key used to encrypt the JWT. Make sure this is safe and not shared or public.\n\nDefault is your project's `settings.SECRET_KEY`.\n\n### JWT_ALGORITHM\n\nPossible values:\n\n> * HS256 - HMAC using SHA-256 hash algorithm (default)\n> * HS384 - HMAC using SHA-384 hash algorithm\n> * HS512 - HMAC using SHA-512 hash algorithm\n> * RS256 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-256 hash algorithm\n> * RS384 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-384 hash algorithm\n> * RS512 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-512 hash algorithm\n\nNote:\n> For the RSASSA-PKCS1-v1_5 algorithms, the \"secret\" argument in jwt.encode is supposed to be a private RSA key as\n> imported with Crypto.PublicKey.RSA.importKey. Likewise, the \"secret\" argument in jwt.decode is supposed to be the\n> public RSA key imported with the same method.\n\nDefault is `\"HS256\"`.\n\n### JWT_VERIFY\n\nIf the secret is wrong, it will raise a jwt.DecodeError telling you as such. You can still get at the payload by setting the `JWT_VERIFY` to `False`.\n\nDefault is `True`.\n\n### JWT_VERIFY_EXPIRATION\n\nYou can turn off expiration time verification with by setting `JWT_VERIFY_EXPIRATION` to `False`.\n\nDefault is `True`.\n\n### JWT_LEEWAY\n\n> This allows you to validate an expiration time which is in the past but no very far. For example, if you have a JWT payload with an expiration time set to 30 seconds after creation but you know that sometimes you will process it after 30 seconds, you can set a leeway of 10 seconds in order to have some margin.\n\nDefault is `0` seconds.\n\n### JWT_EXPIRATION_DELTA\nThis is an instance of Python's `datetime.timedelta`. This will be added to `datetime.utcnow()` to set the expiration time.\n\nDefault is `datetime.timedelta(seconds=300)`(5 minutes).\n\n### JWT_ALLOW_REFRESH\nEnable token refresh functionality. Token issued from `rest_framework_jwt.views.obtain_jwt_token` will have an `orig_iat` field. Default is `False`\n\n### JWT_REFRESH_EXPIRATION_DELTA\nLimit on token refresh, is a `datetime.timedelta` instance. This is how much time after the original token that future tokens can be refreshed from.\n\nDefault is `datetime.timedelta(days=7)` (7 days).\n\n### JWT_PAYLOAD_HANDLER\nSpecify a custom function to generate the token payload\n\n### JWT_PAYLOAD_GET_USER_ID_HANDLER\nIf you store `user_id` differently than the default payload handler does, implement this function to fetch `user_id` from the payload.\n\n### JWT_AUTH_HEADER_PREFIX\nYou can modify the Authorization header value prefix that is required to be sent together with the token.\n\nDefault is `Bearer`.\n\n\n[build-status-image]: https://secure.travis-ci.org/jpadilla/django-jwt-auth.svg?branch=master\n[travis]: http://travis-ci.org/jpadilla/django-jwt-auth?branch=master\n[pypi-version]: https://img.shields.io/pypi/v/django-jwt-auth.svg\n[pypi]: https://pypi.python.org/pypi/django-jwt-auth\n", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/jpadilla/django-jwt-auth", "keywords": null, "license": "MIT", "maintainer": null, "maintainer_email": null, "name": "django-jwt-auth", "package_url": "https://pypi.org/project/django-jwt-auth/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/django-jwt-auth/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/jpadilla/django-jwt-auth" }, "release_url": "https://pypi.org/project/django-jwt-auth/0.0.2/", "requires_dist": null, "requires_python": null, "summary": "JSON Web Token based authentication for Django", "version": "0.0.2" }, "last_serial": 1923710, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "e6b3fcf155eb95300f75b7173a9824b4", "sha256": "7d0c6a1e923faddf9bb1c392bf01f8d8967040b4cd0cc9048682c9b11b06a407" }, "downloads": -1, "filename": "django_jwt_auth-0.0.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e6b3fcf155eb95300f75b7173a9824b4", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 17147, "upload_time": "2014-09-02T01:00:04", "url": "https://files.pythonhosted.org/packages/17/cf/9fd4591d3bbf8ee98e0601423e16b0590a8150317ab63342d11035bcb486/django_jwt_auth-0.0.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "a3ff55aff2f8d82ace05b673ba6f4653", "sha256": "49688ff7f895887f4b390b41549fa293d2dc1c783f64647b87b247eb6fe72bf1" }, "downloads": -1, "filename": "django-jwt-auth-0.0.1.tar.gz", "has_sig": false, "md5_digest": "a3ff55aff2f8d82ace05b673ba6f4653", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7318, "upload_time": "2014-09-02T00:59:52", "url": "https://files.pythonhosted.org/packages/61/e6/4968826d3d6ee4ca475510272bc33d851e7f4f28ea4c30db213ab7f80b42/django-jwt-auth-0.0.1.tar.gz" } ], "0.0.2": [ { "comment_text": "", "digests": { "md5": "e767a3528d4560db8d987ff9953c29f7", "sha256": "6925215e90a9e49da5352cbcb568a0087c8d385faeffa4f7963dad99e3c9b780" }, "downloads": -1, "filename": "django_jwt_auth-0.0.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e767a3528d4560db8d987ff9953c29f7", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 8042, "upload_time": "2016-01-26T13:35:39", "url": "https://files.pythonhosted.org/packages/a8/29/45731bc1cdb42fe2970039764aaaf99bac62cf956d864f168270019c41c4/django_jwt_auth-0.0.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "3317ee9e1aa40ebb5d06c881900f68c9", "sha256": "14500d927fb83959e31371fd7df6dcde76b99011d3b0fc3f1849be373fb04532" }, "downloads": -1, "filename": "django-jwt-auth-0.0.2.tar.gz", "has_sig": false, "md5_digest": "3317ee9e1aa40ebb5d06c881900f68c9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7415, "upload_time": "2016-01-26T13:35:13", "url": "https://files.pythonhosted.org/packages/8a/ac/bbb1c3cb6d988222458c8268ca108b0229ea4ed93587dc5246b5c4f775b8/django-jwt-auth-0.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e767a3528d4560db8d987ff9953c29f7", "sha256": "6925215e90a9e49da5352cbcb568a0087c8d385faeffa4f7963dad99e3c9b780" }, "downloads": -1, "filename": "django_jwt_auth-0.0.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e767a3528d4560db8d987ff9953c29f7", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 8042, "upload_time": "2016-01-26T13:35:39", "url": "https://files.pythonhosted.org/packages/a8/29/45731bc1cdb42fe2970039764aaaf99bac62cf956d864f168270019c41c4/django_jwt_auth-0.0.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "3317ee9e1aa40ebb5d06c881900f68c9", "sha256": "14500d927fb83959e31371fd7df6dcde76b99011d3b0fc3f1849be373fb04532" }, "downloads": -1, "filename": "django-jwt-auth-0.0.2.tar.gz", "has_sig": false, "md5_digest": "3317ee9e1aa40ebb5d06c881900f68c9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7415, "upload_time": "2016-01-26T13:35:13", "url": "https://files.pythonhosted.org/packages/8a/ac/bbb1c3cb6d988222458c8268ca108b0229ea4ed93587dc5246b5c4f775b8/django-jwt-auth-0.0.2.tar.gz" } ] }