How can I login with email and logout with Django Rest Framework JSON web tokens?
I have an existing, working Django application that implements a variety of Django-REST APIs. I just added user authentication with Django-rest-framework-JWT and now I am trying to learn it up. I have verified that it issued me a token if I do the following curl:
curl -X POST -d "username=myuser&password=mypassword" http://localhost:3050/api-token-auth/
But I have a number of questions that I don't see in the docs. Answer the following questions:
- How can I revoke a token using curl? I need to do this when the user is logged out.
- Where are these tokens stored in the database? After implementation,
django-rest-framework-jwt
I don't see any new tables in my Django Admin frontend - I would like to allow my users to login with their usernames or . So I would like to wrap the endpoint
api-token-auth
in a custom endpoint that checks if the given string is an email address or username. If you receive email, I will look for the username. Then call api-token-auth. What should this endpoint look like? I don't know how to wrap this upapi-token-auth method
.
+3
source to share
1 answer
- When using JWT for authentication, you usually store the token in your local browser or sessionstorage. To log out, you simply delete the token. There is nothing else to invalidate.
- One of the benefits of using this approach for authentication is that the tokens are not stored in the database, so you don't need to query the session store for anything when authenticating.
- This should be possible with Django's native authentication interface.
+8
source to share