# Django Rest Framework Simple JWT *** **1. Customizing the payload** ```python from rest_framework_simplejwt.tokens import RefreshToken def my_jwt_payload_handler(user): return { 'user_id': user.id, 'username': user.username, 'email': user.email, # Custom claims 'role': user.role, 'permissions': [permission.codename for permission in user.get_all_permissions()], } ``` **2. Overriding the token blacklist** ```python from rest_framework_simplejwt.authentication import JWTAuthentication, JWTTokenUserAuthentication class CustomJWTAuthentication(JWTAuthentication): def authenticate(self, request): # Get the token from the request token = self.get_jwt_value(request) if token is None: return None # Decode the token try: payload = self.get_validated_token(token) except: return None # Check if the token is blacklisted if payload['jti'] in self.blacklist: return None # Get the user from the payload user = self.get_user(payload) if user is None: return None return self.authenticate_credentials(payload, user) ``` **3. Adding custom authentication backends** ```python from rest_framework_simplejwt.authentication import JWTAuthentication class CustomJWTAuthentication(JWTAuthentication): def get_user(self, payload): # Get the user from the payload user_id = payload['user_id'] user = User.objects.get(pk=user_id) return user ``` **4. Using custom tokens** ```python from rest_framework_simplejwt.tokens import RefreshToken class MyRefreshToken(RefreshToken): def __init__(self, token): """ Constructor for the MyRefreshToken class. :param token: The refresh token to be initialized. """ super().__init__(token) self['custom_claim'] = 'custom_value' ``` **5. Creating custom tokens in views** ```python from rest_framework_simplejwt.tokens import RefreshToken def my_view(request): # Create the refresh token refresh = RefreshToken.for_user(request.user) # Create the access token access = refresh.access_token # Return the tokens return Response({ 'refresh': str(refresh), 'access': str(access), }) ``` **6. Using the JWT token in custom views** ```python from rest_framework.views import APIView from rest_framework_simplejwt.authentication import JWTAuthentication class MyAPIView(APIView): authentication_classes = [JWTAuthentication] def get(self, request): # Get the JWT token from the request token = request.META.get('HTTP_AUTHORIZATION', '').split(' ')[1] # Decode the token payload = JWT.decode(token, settings.SECRET_KEY, algorithms=settings.SIMPLE_JWT['ALGORITHM']) # Get the user from the payload user = User.objects.get(pk=payload['user_id']) # Return the user return Response({'user': user}) ``` **7. Overriding the token verification behavior** ```python from rest_framework_simplejwt.authentication import JWTAuthentication class CustomJWTAuthentication(JWTAuthentication): def get_validated_token(self, token): """ Validates the token and returns the payload. :param token: The token to be validated. """ try: payload = JWT.decode(token, settings.SECRET_KEY, algorithms=settings.SIMPLE_JWT['ALGORITHM']) except: raise AuthenticationFailed('Invalid token') # Check if the token is expired if payload['exp'] < datetime.utcnow().timestamp(): raise AuthenticationFailed('Token is expired') # Return the payload return payload ``` **8. Using a custom token encoder** ```python from rest_framework_simplejwt.tokens import RefreshToken class MyRefreshTokenEncoder(RefreshTokenEncoder): def encode(self, token): """ Encodes the token using the specified algorithm. :param token: The token to be encoded. """ ```