User Authentication — User Auth with REST API in Django Part 3

Antonio Caballes
4 min read · Feb 11, 2022

Welcome to part 3!

This is the last part of our tutorial on User Authentication with REST API. Now that you’ve learned how to create a Django application from scratch and display data using serialization in Django, I want to illustrate how to add authentication to a function in our views.py file.

First, JWT. It stands for JSON Web Token. It is an encrypted piece of information about the user. This token carries the information about our user. It means that once we’ve authenticated the user, we can authorize the user for future actions.

💡 There’s a difference between AUTHORIZATION and AUTHENTICATION.

Install JWT

Make sure your virtualenv is activated. In my case, I have “my_virtual_env” as my virtualenv.

Execute this command in your terminal → pip install djangorestframework-simplejwt

After you’ve installed simplejwt, let’s add this code to our settings.py

REST_FRAMEWORK = {
    # Authenticate API requests with the JWT sent in the Authorization header
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    )
}

I added this below the INSTALLED_APPS section. It’s up to you where you want to place it.

Now you might be wondering how you are going to produce a JWT token for authentication… This is simple: we need to create a new path in our api/urls.py for the JWT token. This is a built-in path of simplejwt, the package we installed.

Update your api/urls.py

# api/urls.py
from django.urls import path
from . import views
from rest_framework_simplejwt.views import (
    TokenObtainPairView,
    TokenRefreshView,
)

urlpatterns = [
    path('', views.getRoutes),
    path('projects/', views.getProjects),
    # POST a username and password here to receive an access and a refresh token
    path('users/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
]

Refresh token vs Normal token

This is simple: the Refresh Token has a longer lifespan than the Normal Token.

Moving forward, that’s it! You can now try the JWT Token…

Go to your browser then enter http://127.0.0.1:8000/api/users/token/

Then you should have the same screen below…

Remember you created your admin user with “python manage.py createsuperuser”? Use the same credentials and then press POST.

You’ll receive your access token and refresh token.

How to use access token

In this section, I will use the generated access token in the Postman platform because I am more familiar with it. Many developers also use this platform.

Download the Postman platform. It is available for Mac and Windows → Link

Once you’ve downloaded and installed it, follow these steps →

  • Go to workspaces
  • Create workspace
  • Go to the “collections” tab
  • Press the + button then rename it if you want
  • In your workspace you can add your request

Set up your request, then save it.

We should have the same view of projects. But different data of course. 😅

At http://127.0.0.1:8000/api/users/token/, you’ll receive an error like mine because we haven’t passed the credentials in Postman.

Go to Body, then enter the following code. Use your own credentials, not the ones in the picture below.

Hit Send

Authenticate the function getProjects

As I promised, we will put a validation in the specific function that we are using right now which is the getProjects function.

💡 Good read!!! Link

This setup is advisable if you’re using the api_view.

Now generate your access token again. Let’s try to Send http://127.0.0.1:8000/api/projects/ again.

If you have the same error, then we are on the same page.

Apply your Token

In Postman, go to Headers and you’ll see a key-value form there. Create a new key “Authorization”; its value will be “Bearer <token>”.

Press Send

Then that’s it!! Congratulations!
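What the server checks when the Bearer header arrives, and why the refresh token cannot stand in for the access token, as an added example (not the author's code and not simplejwt's implementation). It rebuilds the HS256 signing that simplejwt uses by default with the standard library only; SIGNING_KEY, make_token and check_bearer are hypothetical names, the tokens are constructed, and the lifetimes are simplejwt's defaults.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # assumption: stands in for Django's SECRET_KEY
ACCESS_LIFETIME = 5 * 60               # simplejwt default: 5 minutes
REFRESH_LIFETIME = 24 * 60 * 60        # simplejwt default: 1 day

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(token_type, user_id, lifetime, now=None, key=SIGNING_KEY):
    """Build a constructed HS256 token using simplejwt's claim names."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"token_type": token_type, "exp": now + lifetime, "iat": now, "user_id": user_id}
    signing_input = header + "." + b64url(json.dumps(claims).encode())
    return signing_input + "." + b64url(sign(signing_input, key))

def check_bearer(authorization, now=None, key=SIGNING_KEY):
    """Return (user_id, None) for a valid access token, else (None, reason)."""
    now = int(time.time()) if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return None, "malformed header"
    signing_input, _, signature = token.rpartition(".")
    try:
        # Check the signature first; nothing in the token is trusted before this.
        if not hmac.compare_digest(unb64url(signature), sign(signing_input, key)):
            return None, "bad signature"
        # The payload is base64url-encoded JSON; the signature protects its integrity.
        header, claims = (json.loads(unb64url(p)) for p in signing_input.split("."))
    except ValueError:
        return None, "malformed token"
    if header.get("alg") != "HS256":
        return None, "unexpected algorithm"
    if claims.get("token_type") != "access":  # a refresh token is not a credential for views
        return None, "not an access token"
    if claims["exp"] <= now:
        return None, "expired"
    return claims["user_id"], None
```
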

Anton Caballes is a student, software developer, and cybersecurity enthusiast. He has a Bachelor’s degree in Information and Communications Technology from San Beda University and is currently pursuing a Master’s in Information Technology at King’s Own Institute Sydney. Check out his work and learning on his personal website and Medium page at https://medium.com/@antonraphaelcaballes. Connect with Anton on LinkedIn to learn more about his achievements and future endeavors.
