django (djangorestframework-simplejwt) : How to set up SIGNING_KEY value different for each user
I am using djangorestframework-simplejwt for setting up the jwt token based authentication
In my user model i have column
jwt_secret = models.UUIDField(editable=False, default=uuid.uuid4)
I wanted to use different jwt_secret for each token user.
So in future if i want to logoff a user from all places i can change this value
In can see djangorestframework-simplejwt has a setting variable called SIGNING_KEY
How to mention in the settings that it should use per user based SIGNING_KEY
For more clearity
Actually you do not need to go that length to change secrets for each user. It will not only require changes within the library functions (overriding them in backend, serializers, and views), it might potentially break in future. Rather you can look into Blacklisting Apps where you can block access tokens from the admin site. As described in the documentation:
If the blacklist app is detected in INSTALLED_APPS, Simple JWT will add any generated refresh or sliding tokens to a list of outstanding tokens. It will also check that any refresh or sliding token does not appear in a blacklist of tokens before it considers it as valid. ... To add a token to the blacklist, find its corresponding OutstandingToken record in the admin and use the admin again to create a
BlacklistedTokenrecord that points to theOutstandingTokenrecord.
Thus you can block a access token which essentially logging out an user from admin site. You can add further more functionality on top of OutstandingToken and BlacklistedToken models using signals to fulfil the use cases, or you can build a custom view to do that.
- django: on pypy, psyco, unladen swallow or cpython, which one is the fastest?
- Password Reset functionality inheriting from Django clases - reverse url issues ('uidb64')
- how to log a file in Django
- Using filters with model inheritance
- How to render a pdf file as pdf in browser using django
- django.db.utils.ProgrammingError: relation "bot_trade" does not exist
- Django DRF: @permission_classes not working
- How to prevent bleach from escaping > (blockquote) tag used in Markdown
- how to solve django.db.utils.NotSupportedError in django
- CSRF cookie error after Django 3.2 update (DRF with token authentication)
- How to make an Inner Join in django?
- Object of type ListSerializer is not JSON serializable
- How to get the common name for a pytz timezone eg. EST/EDT for America/New_York
- How to serialize user permissions in Django Rest Framework?
- Fatal Python error: init_fs_encoding: failed to get the Python codec of the filesystem encoding, when trying to start uwsgi
- Error attempting to deploy my Django app on Vercel
- Complex query using Django QuerySets
- How to call asynchronous function in Django?
- Django Sitemaps : Get only pages of the current website
- How to manage.py loaddata in Django
- 'Invalid filter: 'length_is' Error in Django Template – How to Fix?
- How to call OneToOneField reverse relationship in template (django)?
- Django Rest Framework POST Update if existing or create
- Django: get current manage.py command
- Change Django ModelChoiceField to show users' full names rather than usernames
- How to do aggregate raw sql with julian date in sqlite (with django)
- Django send excel file to Celery Task. Error InMemoryUploadedFile
- Monitoring django rest framework api on production server
- Interactive Graphviz graphs in a web application
- Django: Not Found static/admin/css