no need of Serializer for the custome token claims
class MyTokenObtainPairView(TokenObtainPairView):
# serializer_class = MyTokenObtainPairSerializer
print('check')
when i just call the view i got the acess token and refresh token,there is no need of security,
also i cant add any custom claim in Serializer.
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
@classmethod
def get_token(cls, user):
token = super().get_token(user)
token['name'] = user.first_name
return token
it just return the token ,nothing my custom claim
Im found a solution, example on mainpage is wrong.
class TokenObtainSerializer(TokenObtainPairSerializer):
def validate(self, attrs):
data = super().validate(attrs)
refresh = self.get_token(self.user)
data["refresh"] = str(refresh)
data["access"] = str(refresh.access_token)
data["ololo"] = "this is my custom data"
return data
@psv-git it works,thanks bro.
@psv-git is it possible to authenticate user from another table.
@psv-git is it possible to authenticate user from another table.
You may override default user class like this:
class User(AbstractBaseUser, PermissionsMixin):
username = models.CharField(_("username"), max_length=150, unique=True)
password = models.CharField(_("password"), max_length=128, unique=False)
...
objects = UserManager()
USERNAME_FIELD = "username"
REQUIRED_FIELDS = []
class Meta:
verbose_name = _("user")
verbose_name_plural = _("users")
db_table = "user"
get_latest_by = "joined_date"
But it not full example. Detailed description you may found in google by "custom user django" keyword.
TokenObtainSerializer
Im found a solution, example on mainpage is wrong.
class TokenObtainSerializer(TokenObtainPairSerializer): def validate(self, attrs): data = super().validate(attrs) refresh = self.get_token(self.user) data["refresh"] = str(refresh) data["access"] = str(refresh.access_token) data["ololo"] = "this is my custom data" return data
Hi there, sorry to be dense, but I was working on extending the claims myself, and was only getting back the original access/refresh response, as you described.
Are you suggesting a code modification for the built-in TokenObtainSerializer class, or adding in your own subclass which inherits the above?
@jhouse-solvd
Hi there, sorry to be dense, but I was working on extending the claims myself, and was only getting back the original access/refresh response, as you described.
Are you suggesting a code modification for the built-in TokenObtainSerializer class, or adding in your own subclass which inherits the above?
If I understand your question correctly, I just inherite my own class by TokenObtainPairSerializer and override his "validate" method.
In this example I add only one string:
data["ololo"] = "this is my custom data"
Other code its a just copy-paste from original method.
Cool, thank you for the response and clarification.
With gratitude,
Jesse House · *Head of Products and Services*
E: [email protected] | M: 415.374.9562
slvd.io | Twitter https://twitter.com/slvdio
On Mon, Jun 24, 2019 at 2:51 PM PSV notifications@github.com wrote:
Hi there, sorry to be dense, but I was working on extending the claims
myself, and was only getting back the original access/refresh response, as
you described.Are you suggesting a code modification for the built-in
TokenObtainSerializer class, or adding in your own subclass which inherits
the above?If I understand your question correctly, I just inherite my own class by
TokenObtainPairSerializer and override his "validate" method.In this example I add only one string:
data["ololo"] = "this is my custom data"
Other code its a just copy-paste from original method.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/davesque/django-rest-framework-simplejwt/issues/121?email_source=notifications&email_token=ALFI2ZCGGG7IRCH6FJM537TP4E6WPA5CNFSM4HO2UHB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYOKY3Q#issuecomment-505195630,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ALFI2ZFHAONXC2WYMLIMIWLP4E6WPANCNFSM4HO2UHBQ
.
Man... this reaaally shoud be changed in the documentation. I wasted too much time trying to make the example in the docs works.
@psv-git Thank you!
The title is misleading as OP did not understand what a token claim is. What OP has shown is how to edit the returned data (i.e. add data to the JSON that is given to the user). A token claim is part of the payload of the token itself which only the server can edit in order to be properly decoded/encoded.
Just to show a little bit of education, visit the Wikipedia: https://en.wikipedia.org/wiki/JSON_Web_Token
A JWT is made up of a header, payload, and signature. The payload contains the token claims.
Most helpful comment
Im found a solution, example on mainpage is wrong.