JWT token claims in Django Rest Framework
I am using rest_framework_simplejwt, and would like to add extra information to the access token returned for authorization purposes. Following along with https://django-rest-framework-simplejwt.readthedocs.io/en/latest/customizing_token_claims.html I am able to modify the access token. However I want to be able to add a claim based on the initial POSTed login. For example:
curl -X POST -H 'Content-type: application/json' -d '{"username": "user1", "password": "supersecretpassword", "project": "project1"}' https://myurl.com/api/token/
I would like to be able to add project1 to the access token. Is there a way to add extra information in that manner?
Added project field to TokenObtainSerializer.
CustomTokenObtainPairSerializer has added the process of adding project values to the token payload in TokenObtainPairSerializer.
serializers.py
from django.contrib.auth.models import update_last_login
from rest_framework_simplejwt.tokens import RefreshToken
from rest_framework_simplejwt.settings import api_settings
from rest_framework_simplejwt.serializers import TokenObtainSerializer
from rest_framework import serializers
class CustomTokenObtainSerializer(TokenObtainSerializer):
def __init__(self, *args, **kwargs) -> None:
super().__init__(*args, **kwargs)
self.fields["project"] = serializers.CharField()
class CustomTokenObtainPairSerializer(CustomTokenObtainSerializer):
token_class = RefreshToken
def validate(self, attrs):
data = super().validate(attrs)
refresh = self.get_token(self.user)
refresh["project"] = attrs["project"]
data["refresh"] = str(refresh)
data["access"] = str(refresh.access_token)
if api_settings.UPDATE_LAST_LOGIN:
update_last_login(None, self.user)
return data
To make the above Serializer class available in TokenOptainPairView, I modified the setting values related to settings.py SIMPLE_JWT.
settings.py
SIMPLE_JWT = {
...
"TOKEN_OBTAIN_SERIALIZER": "yourapp.serializers.CustomTokenObtainPairSerializer",
...
}
- Better way to insert a very large data into PostgreSQL tables
- Django templates: model.image.url gets relative url, how to get full domain url?
- How can I return HTTP status code 204 from a Django view?
- Django and Middleware which uses request.user is always Anonymous
- How to make Django to increase a field by db value?
- How to change admin panel in django?
- Type checking error: views.py:24: error: "HttpRequest" has no attribute "tenant"
- How do you add user-defined S3 metadata in when using django-storages
- Django decorator and middleware issue
- Celery beat not picking up periodic tasks
- ModuleNotFoundError: No module named 'dj_rest_auth'
- Raw SQL query issue in Django
- Datatables causes table element to disappear, only when deployed
- Google OAuth (DRF + Djoser) "Invalid state has been provided." after POST request with state and code
- Docker Image > 1GB in size from python:3.8.3-alpine
- Django Postgresql ORM optimisation
- Which one is the correct way of using Python type hints with Django Models?
- Socket IO is rejecting requests from Nginx proxy
- How to annotate Django view's methods?
- prefetch_related within model method
- Overriding initial value in ModelForm
- Django template extension; django.template.exceptions.TemplateSyntaxError: Invalid block tag when trying to load i18n from a base template
- How to get authorized in Microsoft AD using curl?
- Django: Get IP Address using a signal
- How do I separate my models out in django?
- "detail": "Authentication credentials were not provided." Django REST framework that uses adfs authentication backend
- How can I load initial data into a database using sqlalchemy
- Am having troubles with django-parler 2.0.1 after i had applied migration to translations, it won't show Products fields in admin site
- django.core.exceptions.ImproperlyConfigured: AUTH_USER_MODEL refers to model 'api.User' that has not been installed
- Fail to load resource: the server responded with a status of 404. in the STATICFILES_DIRS setting does not exist