I'm having trouble with the dj_rest_auth JWT package. When I sign up for a new account, it gives me both an access token and a refresh token in the response, but when I try to log in with credentials, all I get is the access token, and the refresh token is entirely empty! I configured the code as described in the documentation and the tutorial that I'm following. Any idea about this problem? Please let me know.
UPDATE: I just found that the refresh token has been set correctly in the response header, but I can't figure out why it's not in the response body and is shown empty.
Settings.py

    INSTALLED_APPS = [
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'django.contrib.sites',
        'rest_framework',
        'rest_framework.authtoken',
        'allauth',
        'allauth.account',
        'allauth.socialaccount',
        'dj_rest_auth',
        'dj_rest_auth.registration',
        'accounts.apps.AccountsConfig',
    ]

    REST_FRAMEWORK = {
        'DEFAULT_PERMISSION_CLASSES': [
            'accounts.permissions.IsStaffOrReadOnly',
        ],
        'DEFAULT_AUTHENTICATION_CLASSES': [
            'dj_rest_auth.jwt_auth.JWTCookieAuthentication',
        ],
    }

    SITE_ID = 1

    REST_AUTH = {
        'USE_JWT': True,
        'JWT_AUTH_COOKIE': 'access',
        'JWT_AUTH_REFRESH_COOKIE': 'refresh',
    }
Response:

    {
        "access_token": "eyJhbGciOiJ.....",
        "refresh_token": "",
        "user": {
            "pk": 2,
            "username": "test_user_0",
            "email": "[email protected]",
            "first_name": "",
            "last_name": ""
        }
    }

    REST_AUTH = {
        'USE_JWT': True,
        'JWT_AUTH_HTTPONLY': False
    }

Change your rest_auth configuration to this, then it should work.

The AUTH_HTTPONLY configuration is expressly for disallowing access to the refresh_token for client-side JS. If you want it to only be managed through a cookie, do not change this; if you want to manage your auth state in your JS, you need to change it.
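
The trade-off described in the answers above, as an added example that is not code from any poster or from dj_rest_auth: a standard-library check that reports where a login response exposes the refresh token and how its cookie is flagged. The function name `audit_refresh_token`, the sample headers and bodies, and the token values are constructed for illustration; the cookie name `refresh` and the `refresh_token` key follow the question.

```python
import json
from http.cookies import SimpleCookie

# Constructed samples; token values are fake placeholders.
# Shape from the question: refresh token only in an HttpOnly cookie.
HTTPONLY_HEADERS = [
    "access=eyJfake.access.sig; HttpOnly; Path=/; SameSite=Lax",
    "refresh=eyJfake.refresh.sig; HttpOnly; Path=/; SameSite=Lax",
]
HTTPONLY_BODY = '{"access_token": "eyJfake.access.sig", "refresh_token": ""}'
# Constructed shape with the refresh token returned in the response body.
BODY_HEADERS = []
BODY_BODY = '{"access_token": "eyJfake.access.sig", "refresh_token": "eyJfake.refresh.sig"}'


def audit_refresh_token(set_cookie_headers, body_text, cookie_name="refresh"):
    """Report where the refresh token is exposed and how its cookie is flagged."""
    jar = SimpleCookie()
    for header in set_cookie_headers:
        jar.load(header)  # attributes attach to the cookie named in that header
    morsel = jar.get(cookie_name)
    in_cookie = morsel is not None and bool(morsel.value)
    report = {
        "in_body": bool(json.loads(body_text).get("refresh_token")),
        "in_cookie": in_cookie,
        "httponly": in_cookie and bool(morsel["httponly"]),
        "secure": in_cookie and bool(morsel["secure"]),
        "samesite": morsel["samesite"] if in_cookie else "",
        "findings": [],
    }
    if report["in_body"]:
        report["findings"].append("refresh token in body: readable by page JavaScript")
    if in_cookie and not report["httponly"]:
        report["findings"].append("refresh cookie lacks HttpOnly")
    if in_cookie and not report["secure"]:
        report["findings"].append("refresh cookie lacks Secure: sent over plain HTTP")
    return report


if __name__ == "__main__":
    for name, headers, body in [("HttpOnly cookie", HTTPONLY_HEADERS, HTTPONLY_BODY),
                                ("token in body", BODY_HEADERS, BODY_BODY)]:
        print(name, audit_refresh_token(headers, body))
```
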