django-rest-framework-jwt icon indicating copy to clipboard operation
django-rest-framework-jwt copied to clipboard

Published 20 hours ago verified publisher icon jpadilla

Unable to override the default settings

Open saurabh-net opened this issue 9 years ago • 13 comments

None of the changes I do to override the default settings seem to work. In particular, I want to increase the expiration delta by a lot more and use my own decoder. Anything I'm doing wrong? Let me know if I need to add more information.

Django==1.8.4 PyJWT==1.4.0 djangorestframework==3.2.4 djangorestframework-jwt==1.7.2

JWT_AUTH = { 'JWT_VERIFY': False, 'JWT_VERIFY_EXPIRATION': False, 'JWT_LEEWAY': 0, 'JWT_EXPIRATION_DELTA' : datetime.timedelta(seconds=30000000), 'JWT_AUDIENCE': None, 'JWT_ISSUER': None, 'JWT_ALLOW_REFRESH': True, 'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=365), 'JWT_AUTH_HEADER_PREFIX': 'JWT', 'JWT_DECODE_HANDLER': 'mywrapper.views.my_decode_handler',

}

INSTALLED_APPS = ( 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'attendance', 'notice', 'marks', 'accounts', 'mywrapper', 'rest_framework', 'rest_framework_swagger', "push_notifications", 'rest_framework_jwt', )

saurabh-net avatar Mar 27 '16 12:03 saurabh-net

Having the same trouble. Signature keeps getting expired.

cholpona avatar Apr 02 '16 14:04 cholpona

Not sure though, can you set the JWT_AUTH 'after' the INSTALLED_APPS in the settings.py. Maybe the default settings are overriding your ones.

blaklites avatar May 08 '16 03:05 blaklites

I did the same @saurabhmaurya06 and it worked well.

nkman avatar Jun 13 '16 18:06 nkman

@blaklites order doesn't matter at all. Because DRF-JWT just looks for JWT_AUTH in the settings file it doesn't matter its in the beginning or in the end.

vaibhav-jain avatar Jun 13 '16 19:06 vaibhav-jain

@vaibhav-jain I am not talking about the order actually, I am talking about your value being over written by the original one, will have to check actually though.

blaklites avatar Jun 14 '16 03:06 blaklites

@saurabhmaurya06 You should to add rest_framework.authtoken in your INSTALLED_APPS settings. source - Docs

nkman avatar Jun 14 '16 05:06 nkman

I still have the same problem and tried the things mentioned here. Any other things I could try? The app itself is very simple so far.

datrinh avatar May 30 '17 18:05 datrinh

Have you figured it out?

@datrinh You've not described your issue, have you?

blueyed avatar Sep 15 '17 17:09 blueyed

I'm also running into the same issue. Appreciate any assistance anyone can provide.

I am assuming I'm missing something that is probably obvious to the pros. I was going to post this at https://github.com/GetBlimp/django-rest-framework-jwt/issues/190; however, I found this thread to be more applicable to my issue.

First I'm receiving the following response to my refresh attempts:

{
    "non_field_errors": [
        "orig_iat field is required."
    ]
}

Even though my settings.py appears to be correct based on code and documentation my token doesn't seem to adhere to the 7 days I have set it to either. What's odd is that when my token is expired I do receive the below:

{
    "non_field_errors": [
        "Signature has expired."
    ]
}

So I'm assuming the 'JWT_ALLOW_REFRESH': True, is working?

I saw a similar same issue at https://github.com/GetBlimp/django-rest-framework-jwt/issues/134 but, again, I feel I am overwriting the settings correctly.

INSTALLED_APPS = [
    'testapp',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'rest_framework.authtoken',
    'corsheaders',
]

import datetime
JWT_AUTH = {
    'JWT_EXPIRATION_DELTA': datetime.timedelta(hours=1),
    'JWT_ALLOW_REFRESH': True,
}

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 10
}

Looking a bit further, I'm also not seeing orig_iat being passed in the token. Below is my token and I'm not seeing it in the decoded version... Should it be there?

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6InRnb3J1cCIsImV4cCI6MTUzMDYyNjUzOCwiZW1haWwiOiJ0b21AdGVzdGFwcC5pbyJ9.3VMrJuj5PiWuNI6mlvQswn2HXmNJij3gsYD6fRQtSzA

Decoded Web Token: here

screen shot 2018-07-03 at 9 59 23 am

Versions

djangorestframework==3.8.2
djangorestframework-jwt==1.11.0

Appreciate any assistance. Thanks!

Tom-Gorup avatar Jul 03 '18 14:07 Tom-Gorup

So any update on this?

ardinusawan avatar Feb 15 '19 12:02 ardinusawan

add this to settings JWT_AUTH = { 'JWT_EXPIRATION_DELTA': datetime.timedelta(hours=1), 'JWT_ALLOW_REFRESH': True, }

sushanjs123 avatar Feb 25 '19 09:02 sushanjs123

In my case the problem was in the route configurations


from django.conf.urls import url, include
from rest_framework import routers
from rest_framework_jwt.views import obtain_jwt_token

router = routers.DefaultRouter()
...
urlpatterns = [
    url(r'^', include(router.urls)),
     # I WAS USING THIS 
    url(r'^auth/', include('rest_auth.urls'))
    #INSTEAD OF THIS
    url(r'^auth/', obtain_jwt_token),
   
]

Plus the 'JWT_ALLOW_REFRESH': True should be set to True. Like below:

JWT_AUTH = {
    #THIS IS MANDATORY
    'JWT_ALLOW_REFRESH': True, 
    'JWT_AUTH_HEADER_PREFIX': 'Bearer',
    'JWT_RESPONSE_PAYLOAD_HANDLER': 'xxxx.jwt_response_payload_handler',
}

leonardollobato avatar Apr 10 '19 14:04 leonardollobato

any updates on this issue?

deva777m avatar Sep 07 '19 10:09 deva777m