
Here are the steps to incorporate authentication and authorization using JSON Web Tokens (JWT) into a Django REST API:

  1. Install necessary dependencies: You’ll need to install the PyJWT and django-rest-framework-jwt packages. Use pip to install these packages in your virtual environment.

    # django-rest-framework-jwt is published on PyPI as djangorestframework-jwt
    pip install PyJWT djangorestframework-jwt

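  2. Add JWT authentication to the DRF authentication settings: In your Django settings file, add 'rest_framework_jwt.authentication.JSONWebTokenAuthentication' to the REST_FRAMEWORK DEFAULT_AUTHENTICATION_CLASSES list.

    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
            # other authentication classes
        ),
        # other settings
    }
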
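  3. Configure JWT settings: Next, add the JWT settings to your Django settings file.

    import datetime

    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
            # other authentication classes
        ),
        'DEFAULT_PERMISSION_CLASSES': (
            'rest_framework.permissions.IsAuthenticated',  # assumed entry; same class as used in step 5
            # other permission classes
        ),
        # other settings
    }

    JWT_AUTH = {
        'JWT_ALGORITHM': 'HS256',  # HMAC-SHA256 signature
        'JWT_VERIFY': True,  # verify the signature on incoming tokens
        'JWT_LEEWAY': 0,  # no clock-skew tolerance when checking expiry
        'JWT_EXPIRATION_DELTA': datetime.timedelta(days=7),  # token lifetime
        'JWT_AUDIENCE': None,
        'JWT_ISSUER': None,
        'JWT_ALLOW_REFRESH': True,
        'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),
        'JWT_AUTH_COOKIE': None,
    }
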
  4. Create a custom JWT response handler: You can create a custom response handler to return additional information in the response, such as user details or permissions.

    from rest_framework_jwt.utils import jwt_response_payload_handler as drf_jwt_response_handler

    # Point JWT_AUTH['JWT_RESPONSE_PAYLOAD_HANDLER'] at this function to activate it.
    def jwt_response_payload_handler(token, user=None, request=None):
        """Returns additional user data along with the JWT token"""
        response_data = drf_jwt_response_handler(token, user, request)
        response_data.update({
            'username': user.username,
        })
        return response_data

  5. Apply authentication and permission classes to views: Finally, apply the authentication_classes and permission_classes decorators to your views.

    from rest_framework.views import APIView
    from rest_framework.response import Response
    from rest_framework.permissions import IsAuthenticated
    from rest_framework_jwt.authentication import JSONWebTokenAuthentication

    class ProtectedView(APIView):
        # Require a valid JWT and an authenticated user for every method
        authentication_classes = (JSONWebTokenAuthentication,)
        permission_classes = (IsAuthenticated,)

        def get(self, request):
            """Returns the current user details"""
            user = request.user
            return Response({'user_id': user.id, 'username': user.username})

That’s it! You now have a Django REST API that is secured with JWT authentication and authorization.
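
What JWT_ALGORITHM, JWT_VERIFY, JWT_LEEWAY and JWT_EXPIRATION_DELTA from step 3 mean when a token is checked, as an added standard-library example (not code from the answer above or from django-rest-framework-jwt). The secret, the `now` parameter, the exact expiry comparison and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed value, stands in for the signing key
ALGORITHM = "HS256"                  # JWT_ALGORITHM
LEEWAY = 0                           # JWT_LEEWAY, in seconds
EXPIRATION = 7 * 24 * 3600           # JWT_EXPIRATION_DELTA (7 days), in seconds


def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(header, payload, key=SECRET):
    body = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(payload).encode())
    return body + "." + b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())


def issue(username, now):
    return sign({"typ": "JWT", "alg": ALGORITHM}, {"username": username, "exp": now + EXPIRATION})


def verify(token, now, key=SECRET):
    """Return the payload, or raise ValueError naming the check that failed."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("malformed token")
    if header.get("alg") != ALGORITHM:  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise ValueError("bad signature")
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp + LEEWAY:
        raise ValueError("token expired")
    return payload
```

The checks run in a fixed order: structure, pinned algorithm, signature, then expiry, so an unsigned or re-signed token is rejected before any claim in it is read.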