0

I see many blogs prefering jwt over session based authentication.

However, django is still session based, and doesn't have option to switch to jwt auth backend.

I think it can be achieved by defining custom JwtMiddleware (whose job is to populate request.user) But there's too little online resources describing the process (How add Authenticate Middleware JWT django? is only thing I found)

Is it a frowned upon to do jwt authentication for django views?

*EDIT

I think the reason is (at least for me) there's no way of adding the Auth header to the page refresh or <a href> link..

Whereas we could patch Auth header for axios or like for rest api.

eugene
  • 39,839
  • 68
  • 255
  • 489

3 Answers3

1

Its not frowned upon to use JWT in django. There are different cases when you choose jwt over traditional session based auth. Most of the time session based auth is what you require. Jwt based authentication is usefull for mobile devices and/or when you have extremely high number of logged in user. So high that even after sharding you are have difficulty in handling authentication.

Most of the blogs tell you to use jwt because this is a new thing relatively.

himank
  • 439
  • 3
  • 5
  • why is jwt prefered in mobile devices? – eugene Aug 26 '19 at 03:28
  • Because most of the apps use multiple microservices in the background. So adding a header in the request with jwt becomes relatively easy than handling cookie. – himank Aug 26 '19 at 04:24
  • hmm, makes sense but, web service could use multiple microservices as well. I suspect there is another reason for it. – eugene Aug 26 '19 at 04:38
  • Cookie storage is not that easy in mobile apps. Reference - https://medium.com/@elye.project/a-tale-on-android-cookies-store-management-b04832ca18c6 – himank Aug 26 '19 at 04:44
0

I need this one: https://github.com/jpadilla/django-rest-framework-jwt

But you have to use the rest framework.

周左左
  • 362
  • 3
  • 5
0

Once you started using JWT for DRF, use the DRF decorators to allow the JWT does its work.

https://www.django-rest-framework.org/api-guide/views/

from rest_framework.decorators import api_view, schema

@api_view(['GET'])
@schema(None)
def getTags(request):
    """Returns the data to display a clould tag"""
    lindex = Lindex()
    return lindex.getTags()
ozw1z5rd
  • 3,034
  • 3
  • 32
  • 49