Ninja JWT

Abstract

Ninja JWT is a JSON Web Token (JWT) plugin for Django-Ninja. This library is a fork of Simple JWT by Jazzband, a widely-used JWT plugin for the Django REST Framework.

Notice

This library does not address any issues present in the original SIMPLE JWT. It only adds support for Django-Ninja and removes dependencies on DRF. Subsequent updates from SIMPLE JWT will be reflected here over time.

For full documentation, visit this page.

Requirements

• Python >= 3.6
• Django >= 2.1
• Django-Ninja >= 0.16.1
• Django-Ninja-Extra >= 0.14.2

Example

Checkout this sample project: https://github.com/eadwinCode/bookstoreapi

Installation

Ninja JWT can be installed with pip:

pip install django-ninja-jwt 

You also need to register the NinjaJWTDefaultController controller to your Django-Ninja API:

from ninja_jwt.controller import NinjaJWTDefaultController from ninja_extra import NinjaExtraAPI api = NinjaExtraAPI() api.register_controllers(NinjaJWTDefaultController) 

The NinjaJWTDefaultController includes three routes: obtain_token, refresh_token, and verify_token. It combines two subclasses, TokenVerificationController and TokenObtainPairController. If you want to customize these routes, you can inherit from these controllers and modify their implementation:

from ninja_extra import api_controller from ninja_jwt.controller import TokenObtainPairController @api_controller('token', tags=['Auth']) class MyCustomController(TokenObtainPairController):  """obtain_token and refresh_token only""" ... api.register_controllers(MyCustomController) 

To use localizations/translations, add ninja_jwt to your INSTALLED_APPS:

INSTALLED_APPS = [ ... 'ninja_jwt', ... ] 

Using Ninja Router

If you prefer not to follow the NinjaExtra methodology, refer to this documentation on how to use Ninja-JWT with Django-Ninja Router.

Usage

To verify that Ninja JWT is working, you can use curl to issue a couple of test requests:

curl \ -X POST \ -H "Content-Type: application/json" \ -d '{"username": "davidattenborough", "password": "boatymcboatface"}' \ http://localhost:8000/api/token/pair ... { "access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNDU2LCJqdGkiOiJmZDJmOWQ1ZTFhN2M0MmU4OTQ5MzVlMzYyYmNhOGJjYSJ9.NHlztMGER7UADHZJlxNG0WSi22a2KaYSfd1S-AuT7lU", "refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4" } 

You can use the returned access token to prove authentication for a protected view:

curl \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNDU2LCJqdGkiOiJmZDJmOWQ1ZTFhN2M0MmU4OTQ5MzVlMzYyYmNhOGJjYSJ9.NHlztMGER7UADHZJlxNG0WSi22a2KaYSfd1S-AuT7lU" \ http://localhost:8000/api/some-protected-view/ 

When this short-lived access token expires, you can use the longer-lived refresh token to obtain another access token:

curl \ -X POST \ -H "Content-Type: application/json" \ -d '{"refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4"}' \ http://localhost:8000/api/token/refresh ... {"access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNTY3LCJqdGkiOiJjNzE4ZTVkNjgzZWQ0NTQyYTU0NWJkM2VmMGI0ZGQ0ZSJ9.ekxRxgb9OKmHkfy-zs1Ro_xs1eMLXiR17dIDBVxeT-w"}