djwto

Welcome to djwto’s documentation!

djwto (reads jot two) is an alternative JWT authentication system built for Django applications. It was designed to offer some new features for the auth layer, such as:

• Authentication can be either a bearer token or a cookie.

• Auth cookie can be split into two parts (that’s the inspiration for the name of this lib). The first part contains the token itself, not encoded, and can be used by the frontend. The second part is the encoded token and is protected from JavaScript access (httpOnly), used by the backend in the auth process.

• CSRF protection by default.

• Extensible: several parts of the code can be customized.

• Full auth layer: views can be protected and authorized based solely on the JWT token.

Details of each point will be further explained in this doc. For a hands-on testing environment, djwto also offers a sandbox environment.

Contents:

• Getting Started
  • Installation
  • Requirements
  • Overview
  • Support
  • Contributions
• Settings
  • DJWTO_ISS_CLAIM
  • DJWTO_SUB_CLAIM
  • DJWTO_AUD_CLAIM
  • DJWTO_IAT_CLAIM
  • DJWTO_JTI_CLAIM
  • DJWTO_ACCESS_TOKEN_LIFETIME
  • DJWTO_REFRESH_TOKEN_LIFETIME
  • DJWTO_NBF_LIFETIME
  • DJWTO_SIGNING_KEY
  • DJWTO_VERIFYING_KEY
  • DJWTO_ALGORITHM
  • DJWTO_MODE
  • DJWTO_REFRESH_COOKIE_PATH
  • DJWTO_SAME_SITE
  • DJWTO_DOMAIN
  • DJWTO_CSRF
• Endpoints
  • /login/
  • /validate/
  • /refresh_access/
  • /update_refresh/
  • /logout/
• Signals
  • jwt_logged_in
  • jwt_login_fail
  • jwt_blacklisted
  • jwt_token_validated
  • jwt_access_refreshed
  • jwt_refresh_updated
• Customization
• Protecting Views
  • jwt_login_required
  • jwt_perm_required