This repository has been archived by the owner on Oct 30, 2021. It is now read-only.
[BB-1718] Implement JWT token refreshing #24
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
xitij2000
approved these changes
Oct 5, 2019
requirements/base.txt
Outdated
| coreapi~=2.3.3 # https://github.com/core-api/python-client | ||
| drf-yasg~=1.15.0 # https://github.com/axnsan12/drf-yasg | ||
|
|
||
| # REST auth | ||
| # ------------------------------------------------------------------------------ | ||
| django-rest-auth~=0.9.5 # https://github.com/Tivix/django-rest-auth | ||
| git+https://github.com/open-craft/django-rest-auth # fork of https://github.com/Tivix/django-rest-auth with simpleJWT support |
There was a problem hiding this comment.
Could you pin this to a commit id please?
Why was this fork necessary?
There was a problem hiding this comment.
Could you pin this to a commit id please?
Sure, that makes sense 👍
Why was this fork necessary?
The implementation of JWT used by django-rest-auth is no longer maintained . There is a fork of the django-rest-auth repository that adds SimpleJWT support (which has the token refreshing fixed).
I forked this to our GH organization, because forks tend to go missing sometimes and a couple year ago I had this exact problem with disappearing Python library (django-pagination), to which there were no mirrors at the point. So I just did this to keep it safe.
Agrendalath
force-pushed
the
agrendalath/bb-1718-implement_jwt_token_refreshing
branch
from
73c74d5 to
4926918
Compare
Agrendalath
deleted the
agrendalath/bb-1718-implement_jwt_token_refreshing
branch
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements JWT token refreshing. Access tokens will be valid for shorter (
JWT_ACCESS_TOKEN_LIFETIME_HOURS) time and refresh tokens will be used to regenerate them. The refresh tokens are rotating, so we won't need to log in anymore as long as we visit the page once perJWT_REFRESH_TOKEN_LIFETIME_DAYSdays.I added one new line to envs on the ticket:
JWT_ACCESS_TOKEN_LIFETIME_HOURS=0.0004. This will make access tokens last for less than 2 seconds, which will be enough for making singular requests and will speed up the testing.Testing instructions:
.envfile (you can find it in a comment on the ticket).docker-compose -f local.yml up --build(buildis important here; it will take a while, because our first layer of the Dockerfile has changed).docker-compose -f local.yml exec django python manage.py migrate.frontent/src/App.js.npm i && npm start.user/returned 401, was followed byrefresh/, which returned 200, which was then followed byuser/returning 200.?board_id=<id>endpoint.