I am using Django(REST FrameWork, SimpleJWT) and React for my project. For autentication I am using JWT method. According to some articles, storing and sending REFRESH TOKEN in HttpOnly Cookie is the a best and secure way. Since I am learning WebDevelopment I can’t able to find any source to about it. This is my views.py as you can i
Tag: jwt
Python decorator – Check if user is admin
I am creating simple API using flask, and I want to check if user which is trying to access is admin. This is function which should decide if user is admin or not And this is endpoint I am getting this error I don’t know where is the problem, I did this according this documentation. Could someone help me how
Is it a good idea to use JWT as verification token?
I’m going to use FastAPI Users for my application. I saw that it generates JWT tokens to perform verification processes in the application. For example, in order to verify user email address or to request password change. Is it a good idea in terms of security? Answer JWT is state-less authentication and is so useful if you use backend with
In a Python Flask JWT, what is `sub`?
Here is an example JWT generated using the Flask-JWT-Extended library in Python 3: I can find documentation on all of these key/value pairs, except for sub. What is it? Answer According to the JWT spec, sub is a Subject claim: The “sub” (subject) claim identifies the principal that is the subject of the JWT. The claims in a JWT are
Working outside of application context Flask JWT decorator issue
I am fairly new to Flask applications. While my application works for all the endpoints as expected when I tried to add jwt authorization I encountered this issue. I have tried this solution app.app_context().push() based on some other questions that have been posted. Any help would be greatly appreciated. I would also like to use the decorator in multiple apis,
Django Rest Framework JWT Unit Test
I am using DRF with the JWT package for authentication. Now, I’m trying to write a unit test that authenticates itself with a JWT token. No matter how I try it, I can’t get the test API client to authenticate itself via JWT. If I do the same with an API client (in my case, Postman), everything works. This is