Alex Krupp
I'm using it with the latest version of DRF and it works fine for me. What issue are you running into?
I'm not sure what exactly the problem is here. The way I make requests in Postman, which still works, is as follows: When making a request to the endpoint api-token-auth,...
@ticosax Any reason not to just append the last few characters of the user's hashed password as a field on the token? This seems worth doing since right now if...
@ticosax When a user creates a password, it gets hashed into something like: `pbkdf2_sha256$20000$FhnlJ0rpdCli$SHBxdnk2xUMmJgok//3YaC89uVJG0eu4xz14pWAakKE=` So when a user obtains a new JWT, you would add, say, the last 15...
@ticosax The one issue I can think of here is if the user isn't using the default django password storage, e.g. if they mapped the user's password field to a...
@sandipbgt In light of [issue 244](https://github.com/GetBlimp/django-rest-framework-jwt/issues/244), adding a password_last_change datefield to your user model is definitely a better solution than using a part of the password hash, since having that...
On your user model add a field: `jwt_secret = models.UUIDField(default=uuid.uuid4)` Then create a function that returns this field:

```
def jwt_get_secret_key(user_model):
    return user_model.jwt_secret
```

And use a string with the...
@uber1geek Conceptually what you want is a UUIDField on the user model, and then every time the user does something that should log them out of the site (clicking Logout,...
@RahmaMzoughi @ray525 I don't have a good solution for that. You could obviously just delete the token from localstorage, although that wouldn't eliminate the ability for someone who already had...
@kylecribbs It works fine. If it stops working in the future I'm sure someone will just fork it. No one is going to spend a month rewriting their auth system...