Django Rest Framework Simple JWT

1. Customizing the payload

from rest_framework_simplejwt.tokens import RefreshToken

def my_jwt_payload_handler(user):
    return {
        'user_id': user.id,
        'username': user.username,
        'email': user.email,
        # Custom claims
        'role': user.role,
        'permissions': [permission.codename for permission in user.get_all_permissions()],
    }

2. Overriding the token blacklist

from rest_framework_simplejwt.authentication import JWTAuthentication, JWTTokenUserAuthentication

class CustomJWTAuthentication(JWTAuthentication):
    def authenticate(self, request):
        # Get the token from the request
        token = self.get_jwt_value(request)

        if token is None:
            return None

        # Decode the token
        try:
            payload = self.get_validated_token(token)
        except:
            return None

        # Check if the token is blacklisted
        if payload['jti'] in self.blacklist:
            return None

        # Get the user from the payload
        user = self.get_user(payload)

        if user is None:
            return None

        return self.authenticate_credentials(payload, user)

3. Adding custom authentication backends

from rest_framework_simplejwt.authentication import JWTAuthentication

class CustomJWTAuthentication(JWTAuthentication):
    def get_user(self, payload):
        # Get the user from the payload
        user_id = payload['user_id']
        user = User.objects.get(pk=user_id)
        return user

4. Using custom tokens

from rest_framework_simplejwt.tokens import RefreshToken

class MyRefreshToken(RefreshToken):
    def __init__(self, token):
        """
        Constructor for the MyRefreshToken class.

        :param token: The refresh token to be initialized.
        """
        super().__init__(token)
        self['custom_claim'] = 'custom_value'

5. Creating custom tokens in views

from rest_framework_simplejwt.tokens import RefreshToken

def my_view(request):
    # Create the refresh token
    refresh = RefreshToken.for_user(request.user)

    # Create the access token
    access = refresh.access_token

    # Return the tokens
    return Response({
        'refresh': str(refresh),
        'access': str(access),
    })

6. Using the JWT token in custom views

from rest_framework.views import APIView
from rest_framework_simplejwt.authentication import JWTAuthentication

class MyAPIView(APIView):
    authentication_classes = [JWTAuthentication]

    def get(self, request):
        # Get the JWT token from the request
        token = request.META.get('HTTP_AUTHORIZATION', '').split(' ')[1]

        # Decode the token
        payload = JWT.decode(token, settings.SECRET_KEY, algorithms=settings.SIMPLE_JWT['ALGORITHM'])

        # Get the user from the payload
        user = User.objects.get(pk=payload['user_id'])

        # Return the user
        return Response({'user': user})

7. Overriding the token verification behavior

from rest_framework_simplejwt.authentication import JWTAuthentication

class CustomJWTAuthentication(JWTAuthentication):
    def get_validated_token(self, token):
        """
        Validates the token and returns the payload.

        :param token: The token to be validated.
        """
        try:
            payload = JWT.decode(token, settings.SECRET_KEY, algorithms=settings.SIMPLE_JWT['ALGORITHM'])
        except:
            raise AuthenticationFailed('Invalid token')

        # Check if the token is expired
        if payload['exp'] < datetime.utcnow().timestamp():
            raise AuthenticationFailed('Token is expired')

        # Return the payload
        return payload

8. Using a custom token encoder

from rest_framework_simplejwt.tokens import RefreshToken

class MyRefreshTokenEncoder(RefreshTokenEncoder):
    def encode(self, token):
        """
        Encodes the token using the specified algorithm.

        :param token: The token to be encoded.
        """

PreviousDjango Rest Framework NextDjango Rest Knox