apiurls.py
"""
Add your API routes here.
"""
# API ROOT: /authjwt/
from django.urls import path, include
from django.contrib.auth.decorators import login_required
from authjwt.views import (
PingViewSet,
SomeProtectedView
)
from rest_framework import routers
from rest_framework_simplejwt.views import (
TokenObtainPairView,
TokenRefreshView,
TokenVerifyView,
TokenBlacklistView
)
# ---------------------------------------------------
# HEARTBEAT (PING -> PONG)
# ---------------------------------------------------
# PingViewSet is a protected view: to prove
# authentication, send the "access" token (not the
# "refresh" token) as a Bearer credential.
#
#   curl \
#     -H "Authorization: Bearer <JWT_HEADER>.<JWT_PAYLOAD>.<JWT_SIGNATURE>" \
#     "http://localhost:8000/authjwt/api/ping/?id=pong"
#
# The example targets a local development server over
# plain HTTP. The bearer token is a credential, so any
# non-local deployment should serve this over HTTPS.
# ---------------------------------------------------
router = routers.DefaultRouter()
router.register('ping', PingViewSet, basename="ping")
urlpatterns = [
    # ---------------------------------------------------
    # LOGIN USER
    # ---------------------------------------------------
    # Exchange the client credentials (username and
    # password) for a new "access" / "refresh" token pair.
    #
    #   curl \
    #     -X POST \
    #     -H "Content-Type: application/json" \
    #     -d '{"username": "admin", "password": "admin"}' \
    #     http://localhost:8000/authjwt/api/token/
    #
    # "admin"/"admin" are sample values for a local
    # development instance only.
    # NOTE(review): this endpoint accepts password guesses
    # from unauthenticated clients and nothing in this file
    # throttles it. Confirm that rate limiting is applied
    # elsewhere (DRF throttling settings or the proxy).
    # ---------------------------------------------------
    path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),

    # ---------------------------------------------------
    # REFRESH TOKEN
    # ---------------------------------------------------
    # Exchange the "refresh" token for a new "access"
    # token. The refresh token is the longer-lived
    # credential of the pair, so clients should store it
    # at least as carefully as a password.
    #
    #   curl \
    #     -X POST \
    #     -H "Content-Type: application/json" \
    #     -d '{"refresh":"<JWT_HEADER>.<JWT_PAYLOAD>.<JWT_SIGNATURE>"}' \
    #     http://localhost:8000/authjwt/api/token/refresh/
    # ---------------------------------------------------
    path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),

    # ---------------------------------------------------
    # VERIFY TOKEN
    # ---------------------------------------------------
    # Check whether a token is still valid (e.g. detect
    # an expired "access" token).
    #
    #   curl \
    #     -X POST \
    #     -H "Content-Type: application/json" \
    #     -d '{"token":"<JWT_HEADER>.<JWT_PAYLOAD>.<JWT_SIGNATURE>"}' \
    #     http://localhost:8000/authjwt/api/token/verify/
    # ---------------------------------------------------
    path('api/token/verify/', TokenVerifyView.as_view(), name='token_verify'),

    # ---------------------------------------------------
    # LOGOUT USER
    # ---------------------------------------------------
    # Force a logout by blacklisting the user's "refresh"
    # token (recommended when using longer-lived tokens).
    #
    # This view needs the
    # "rest_framework_simplejwt.token_blacklist" app in
    # INSTALLED_APPS, with its migrations applied.
    # Blacklisting stops further refreshes only: "access"
    # tokens already issued remain valid until they
    # expire, so keep the access-token lifetime short.
    #
    # Set up a daily cron job on the server that runs
    # "python3 manage.py flushexpiredtokens"; it deletes
    # expired tokens from the outstanding list and the
    # blacklist.
    #
    #   curl \
    #     -X POST \
    #     -H "Content-Type: application/json" \
    #     -d '{"refresh":"<JWT_HEADER>.<JWT_PAYLOAD>.<JWT_SIGNATURE>"}' \
    #     http://localhost:8000/authjwt/api/token/blacklist/
    # ---------------------------------------------------
    path('api/token/blacklist/', TokenBlacklistView.as_view(), name='token_blacklist'),

    # ---------------------------------------------------
    # NB: the endpoint below does not support JWT
    # authentication. It wraps a plain Django class-based
    # view in login_required, which checks the Django
    # session user. Django REST Framework authentication
    # classes (including JWT) only run inside DRF views.
    # It is kept disabled here for reference.
    # ---------------------------------------------------
    # path(
    #     'api/some-protected-view/',
    #     login_required(SomeProtectedView.as_view()),
    #     name='some-protected-view'
    # ),

    # Router-generated routes (the "ping" viewset registered on `router`).
    path('api/', include(router.urls)),
]