Implementing JWT Authentication
What is JWT Authentication?
JWT (JSON Web Token) Authentication is a stateless authentication method that generates a signed token containing user information. It is widely used for secure and scalable authentication.
Configuration in DRF
Authentication is the process of verifying the identity of users accessing an API. DRF provides several authentication methods to ensure only authorized users interact with API endpoints.
- Session Authentication – Uses Django’s built-in session management.
- Token Authentication – Uses unique tokens assigned to users for API access.
- JWT (JSON Web Token) Authentication – Provides stateless authentication using encoded tokens.
In this guide, we focus on Token Authentication and JWT Authentication.
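To make "a signed token containing user information" concrete, here is an added example (not code from this guide, SimpleJWT or DRF) that builds and verifies an HS256 JWT with only the Python standard library. The secret and the claims are constructed for the demo; a real deployment lets SimpleJWT handle this and takes its signing key from Django settings. The verifier shows the three checks a server performs before trusting any claim: the algorithm is the one it expects, the HMAC signature matches, and `exp` has not passed.

```python
# Added example, not from the original article: minimal HS256 JWT
# creation and verification to illustrate the token format and the
# checks a server must make. Use a maintained library in production.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; real keys come from settings (long and random).
DEMO_SECRET = b"constructed-demo-secret-do-not-use"


def b64url_encode(raw: bytes) -> str:
    # JWT segments are URL-safe base64 with the '=' padding removed.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore padding before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def create_token(claims: dict, secret: bytes = DEMO_SECRET,
                 lifetime: int = 300, now: Optional[int] = None) -> str:
    """Return a compact JWT: base64url(header).base64url(payload).base64url(sig)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + lifetime)
    segments = [
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(segments).encode("ascii")
    segments.append(b64url_encode(_sign(signing_input, secret)))
    return ".".join(segments)


def verify_token(token: str, secret: bytes = DEMO_SECRET,
                 now: Optional[int] = None) -> dict:
    """Return the payload only if the token is well formed, carries the
    expected algorithm, has a valid signature and is not expired.
    Raise ValueError otherwise; no claim is trusted before these pass."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the server decides, never the token's own header.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = _sign(f"{header_b64}.{payload_b64}".encode("ascii"), secret)
    # Constant-time comparison so timing does not leak signature bytes.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    if payload.get("exp") is None or now >= int(payload["exp"]):
        raise ValueError("token expired")
    return payload


def tamper_user(token: str, new_user: str) -> str:
    """Test helper: change the username claim but keep the old signature,
    to confirm the verifier rejects an edited payload."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload["username"] = new_user
    new_payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header_b64}.{new_payload_b64}.{sig_b64}"


if __name__ == "__main__":
    token = create_token({"username": "admin", "user_id": 1})
    print("accepted payload:", verify_token(token))
    for bad in (tamper_user(token, "someone_else"), token[:-2] + "xx"):
        try:
            verify_token(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The payload is only base64-encoded, not encrypted, so anyone holding the token can read the claims; the signature is what stops them from changing those claims, which is why the username and expiry can be trusted only after `verify_token` succeeds.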
2. Using Token Authentication
What is Token Authentication?
Token-based authentication assigns each user a unique token, which they must send with API requests for authentication.
Configuration in DRF:
🔹 Step 1: Install JWT Authentication Package
Open your terminal and run the following command:
pip install djangorestframework-simplejwt
🔹 Step 2: Enable JWT Authentication in settings.py
Modify settings.py to include JWT authentication:
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        # TokenAuthentication also needs 'rest_framework.authtoken' in INSTALLED_APPS
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ],
}
🔹 Step 3: Add JWT Authentication URLs
Update bookstore/urls.py with JWT endpoints:
from django.urls import path
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView

urlpatterns += [
    path('api-jwt/', TokenObtainPairView.as_view(), name='token_obtain_pair'),  # Get Access & Refresh Tokens
    path('api-jwt-refresh/', TokenRefreshView.as_view(), name='token_refresh'),  # Refresh Token
]
🔹 Step 4: Obtain JWT Token
Clients can obtain an access token by making a POST request:
POST https://127.0.0.1:8000/api/books/api-jwt/
Content-Type: application/json
Request body:
{
    "username": "admin",
    "password": "yourpassword"
}
Response:
{
    "access": "your_access_token",
    "refresh": "your_refresh_token"
}
🔹 Step 5: Authenticate API Requests with JWT
Clients must send the access token in the Authorization header for secured API requests:
GET https://127.0.0.1:8000/api/books/custom-list/
Authorization: Bearer <your-access-token>
🔹 Step 6: Refreshing Expired Tokens
To refresh an expired token, send a POST request:
POST https://127.0.0.1:8000/api/api-jwt-refresh/
Content-Type: application/json
{
    "refresh": "your_refresh_token"
}
Response:
{
    "access": "new_access_token"
}
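Steps 4 to 6 describe one client-side flow: obtain an access/refresh pair, send the access token as a Bearer header, and refresh when it expires. The added example below (not code from this guide or from SimpleJWT) shows that flow as a small client that refreshes proactively by reading `exp` from the access token and retries once on a 401. The server is a constructed in-memory stand-in (`FakeServer`) so the flow runs offline; the endpoint paths, the constructed error messages, and the `token_type` claim are assumptions of the demo, and the lifetimes of 5 minutes and 1 day mirror SimpleJWT's defaults.

```python
# Added example, not from the original article: client handling of the
# access/refresh token pair against a constructed fake server.
import base64
import json
from typing import Dict, Optional, Tuple

REFRESH_LEEWAY = 30  # refresh when the access token expires within this many seconds


def payload_of(token: str) -> dict:
    # The client reads only the unsigned payload (for `exp`); it never
    # verifies signatures, which is the server's job.
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def needs_refresh(access_token: str, now: int) -> bool:
    return now + REFRESH_LEEWAY >= int(payload_of(access_token)["exp"])


class FakeServer:
    """Constructed stand-in for the two SimpleJWT views and one protected
    endpoint. It tracks tokens it issued instead of signing them, so it
    only models the protocol and must never be used as a real server."""

    ACCESS_LIFETIME, REFRESH_LIFETIME = 300, 86400  # SimpleJWT defaults: 5 min / 1 day

    def __init__(self, users: Dict[str, str]):
        self.users, self.issued = users, set()

    def _issue(self, user: str, kind: str, now: int) -> str:
        lifetime = self.ACCESS_LIFETIME if kind == "access" else self.REFRESH_LIFETIME
        body = json.dumps({"username": user, "token_type": kind, "exp": now + lifetime}).encode()
        token = "constructed-header." + base64.urlsafe_b64encode(body).rstrip(b"=").decode() + ".constructed-sig"
        self.issued.add(token)
        return token

    def _valid(self, token: Optional[str], kind: str, now: int) -> bool:
        return (token in self.issued and payload_of(token)["token_type"] == kind
                and now < payload_of(token)["exp"])

    def post(self, path: str, body: dict, now: int) -> Tuple[int, dict]:
        if path == "api-jwt/":  # TokenObtainPairView
            if self.users.get(body.get("username")) != body.get("password"):
                return 401, {"detail": "invalid credentials"}
            return 200, {"access": self._issue(body["username"], "access", now),
                         "refresh": self._issue(body["username"], "refresh", now)}
        if path == "api-jwt-refresh/":  # TokenRefreshView
            if not self._valid(body.get("refresh"), "refresh", now):
                return 401, {"detail": "refresh token invalid or expired"}
            return 200, {"access": self._issue(payload_of(body["refresh"])["username"], "access", now)}
        return 404, {}

    def get(self, path: str, headers: Dict[str, str], now: int) -> Tuple[int, dict]:
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not self._valid(token, "access", now):
            return 401, {"detail": "access token invalid or expired"}
        return 200, {"books": ["Constructed Book"]}


class JWTClient:
    """Holds the token pair, refreshes the access token before it expires,
    and falls back to one refresh-and-retry when the server answers 401."""

    def __init__(self, server: FakeServer):
        self.server, self.access, self.refresh = server, None, None

    def login(self, username: str, password: str, now: int) -> None:
        status, data = self.server.post("api-jwt/", {"username": username, "password": password}, now)
        if status != 200:
            raise PermissionError(data["detail"])
        self.access, self.refresh = data["access"], data["refresh"]

    def refresh_access(self, now: int) -> None:
        status, data = self.server.post("api-jwt-refresh/", {"refresh": self.refresh}, now)
        if status != 200:
            self.access = self.refresh = None  # session is over; the user must log in again
            raise PermissionError(data["detail"])
        self.access = data["access"]

    def get(self, path: str, now: int) -> Tuple[int, dict]:
        if self.access is None:
            raise PermissionError("not logged in")
        if needs_refresh(self.access, now):
            self.refresh_access(now)
        status, data = self.server.get(path, {"Authorization": f"Bearer {self.access}"}, now)
        if status == 401:  # e.g. clock skew: refresh once, retry once, then give up
            self.refresh_access(now)
            status, data = self.server.get(path, {"Authorization": f"Bearer {self.access}"}, now)
        return status, data


if __name__ == "__main__":
    client = JWTClient(FakeServer({"admin": "yourpassword"}))
    client.login("admin", "yourpassword", now=1000)
    print(client.get("custom-list/", now=1001))   # uses the original access token
    print(client.get("custom-list/", now=1290))   # within leeway of exp, refreshed first
```

Two points carry over to a real client: keep the refresh token out of places where it can be read by other code (it is worth a day of access, not five minutes), and treat a failed refresh as the end of the session rather than looping on the refresh endpoint.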
Conclusion:
By implementing Token Authentication and JWT Authentication, we secure API endpoints in Django Rest Framework.
- Token Authentication is simple and effective for small-scale applications.
- JWT Authentication is stateless, scalable, and widely used for web and mobile applications.
- Both methods require including authentication tokens in API requests to verify user identity.
Exercise:
- Set up JWT login and registration using SimpleJWT.
- Try getting access and refresh tokens.
- Use the access token to view protected APIs.
- Try refreshing the token using the refresh URL.