I am using djangorestframework-simplejwt for setting up JWT token based authentication.
In my user model I have the column
jwt_secret = models.UUIDField(editable=False, default=uuid.uuid4)
I wanted to use a different jwt_secret for each token user.
So in future, if I want to log off a user from all places, I can change this value.
I can see djangorestframework-simplejwt has a setting variable called SIGNING_KEY.
How do I specify in the settings that it should use a per-user SIGNING_KEY?
For more clarity
Actually you do not need to go to that length to change secrets for each user. It will not only require changes within the library functions (overriding them in the backend, serializers, and views), it might potentially break in future. Rather, you can look into the Blacklist app, where you can block access tokens from the admin site. As described in the documentation:
If the blacklist app is detected in INSTALLED_APPS, Simple JWT will add any generated refresh or sliding tokens to a list of outstanding tokens. It will also check that any refresh or sliding token does not appear in a blacklist of tokens before it considers it as valid. ... To add a token to the blacklist, find its corresponding OutstandingToken record in the admin and use the admin again to create a BlacklistedToken record that points to the OutstandingToken record.
Thus you can block an access token, which is essentially logging out a user from the admin site. You can add further functionality on top of the OutstandingToken and BlacklistedToken models using signals to fulfil the use cases, or you can build a custom view to do that.