[API "DEV" Landing Page] Need to Update base.html with New Registration Endpoints/Flow
Now that we've decided to implement a Registration and Login flow and reorganize our auth endpoints, we'll need to update the "Dev" landing page that displays info at `localhost:8000` for the backend.

The HTML file to update is `core/templates/base.html`, and it needs the following information. The `docker-compose` commands can remain as-is:

Django Admin Interface and Login:

- `/admin/` (to login to the admin interface with superuser credentials)

Obtaining JWT tokens:

- `api/v1/auth/token` (obtain an access & refresh token pair)
- `api/v1/auth/verify` (verify the validity of a refresh or access token)
- `api/v1/refresh` (obtain a new access token by using a non-expired refresh token)

The length of time `access` and `refresh` tokens remain valid can be configured in `config/settings/base.py` by adding a `SIMPLE_JWT={}` dictionary of values. Please note: this project does not currently use SLIDING_TOKEN, only ACCESS_TOKEN and REFRESH_TOKEN. Current defaults from the library are:

```python
from datetime import timedelta

# Library defaults. `settings.SECRET_KEY` is the Django SECRET_KEY; inside the
# settings module itself, reference the module's own SECRET_KEY variable.
SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
    'ROTATE_REFRESH_TOKENS': False,
    'BLACKLIST_AFTER_ROTATION': True,
    'ALGORITHM': 'HS256',
    'SIGNING_KEY': settings.SECRET_KEY,
    'VERIFYING_KEY': None,
    'AUDIENCE': None,
    'ISSUER': None,
    'AUTH_HEADER_TYPES': ('Bearer',),
    'USER_ID_FIELD': 'id',
    'USER_ID_CLAIM': 'user_id',
    'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
    'TOKEN_TYPE_CLAIM': 'token_type',
    'JTI_CLAIM': 'jti',
    'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp',
    'SLIDING_TOKEN_LIFETIME': timedelta(minutes=5),
    'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1),
}
```
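
An added example, not part of the original issue and not the library's own code: a standard-library illustration of what the `ALGORITHM`, lifetime, `TOKEN_TYPE_CLAIM` and `AUTH_TOKEN_CLASSES` values listed above mean when a token is checked. The signing key and the `mint`/`check` helpers are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, uuid
from datetime import timedelta

SIGNING_KEY = b"constructed-demo-key"  # placeholder standing in for SECRET_KEY
LIFETIMES = {"access": timedelta(minutes=5), "refresh": timedelta(days=1)}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    mac = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def mint(token_type: str, user_id: int, now: float) -> str:
    """Build an HS256 token carrying the claims named in the settings above."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"token_type": token_type, "user_id": user_id,
              "jti": uuid.uuid4().hex,
              "exp": int(now + LIFETIMES[token_type].total_seconds())}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, claims))
    return f"{signing_input}.{_sign(signing_input)}"

def check(token: str, now: float, accepted=("access",)) -> str:
    """Return 'ok' or the reason the token is rejected."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "malformed"
    if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
        return "bad algorithm"
    if not hmac.compare_digest(sig.encode(), _sign(f"{head}.{body}").encode()):
        return "bad signature"
    if now >= claims.get("exp", 0):
        return "expired"
    if claims.get("token_type") not in accepted:  # AUTH_TOKEN_CLASSES analogue
        return "wrong token type"
    return "ok"
```

With `accepted=("access",)`, mirroring the default `AUTH_TOKEN_CLASSES`, a correctly signed refresh token is still rejected as the wrong token type.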

Registration/Login/Logout/password reset:

- `api/v1/auth/registration/` (on submit, triggers a validation email to the email address a user enters)
- `api/v1/auth/verify-email/` (POST a user's HMC email key for validating their email)
- `api/v1/auth/login/` (Requires a validated email in order to sign in)
- `api/v1/auth/logout/` (Clear tokens from currently logged in user)
- `api/v1/auth/password/reset/` (if POST-ed to with an email, will send a password reset email to the POSTED email)
- `api/v1/auth/password/reset/confirm/` (if POST-ed to with the UID & TOKEN from the reset email & new password, will reset the password for the UID POSTED)

User Details & current_user:

- `api/v1/auth/user/` (to view currently logged in User Details)
- `api/v1/auth/current_user` (to view currently logged in User minus their email address)

Viewing and Creating Resources:

- `api/v1/resources/` (GET view a list of resources available. No auth required.)
- `api/v1/resources/` (POST view to create a resource. Requires a valid access or refresh token.)
- `api/v1/resources/` (PATCH view to edit/update a resource. Requires a valid access or refresh token.)
ADDITIONALLY

The `Sign Up` & `Sign In` links should be changed to point to `api/v1/auth/registration/` (Sign Up) & `api/v1/auth/login/` (Sign In) -- not their current forms. Those forms trigger `django-allauth`, and are not part of the REST API flow.