dj-rest-auth

Refresh token was not included in request data.

Open hsb-tonmoy opened this issue 3 years ago • 3 comments

By default, if you're using JWT and Token Blacklist, the Logout view tries to find the Refresh token in the request body. However, if I am using an HttpOnly cookie, my Refresh token wouldn't be in the request body.

It can be fixed by changing:

if 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
    # add refresh token to blacklist
    try:
        token = RefreshToken(request.data['refresh'])  # token taken from the request body

to

if 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
    # add refresh token to blacklist
    try:
        token = RefreshToken(request.COOKIES['refresh_token'])  # token taken from the HttpOnly cookie instead

But it is quite cumbersome to define my own view for one line of change. Please consider making this change to the codebase.

hsb-tonmoy avatar May 17 '21 19:05 hsb-tonmoy

Slightly related: #191 you can find some middleware via the code mentioned there that will do that. I agree that it should be added, though.

Luctia avatar Aug 06 '21 19:08 Luctia

You should further be using the JWT_AUTH_REFRESH_COOKIE setting to decide which cookie to grab:

if 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
      # add refresh token to blacklist
      try:
          refresh_cookie = getattr(settings, 'JWT_AUTH_REFRESH_COOKIE', 'refresh_token')
          token = RefreshToken(request.COOKIES[refresh_cookie])

emripka avatar May 12 '22 12:05 emripka
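The following is an added example, not code from dj-rest-auth or from anyone in this thread. It puts the two suggestions above (read the refresh token from the cookie instead of the body; pick the cookie name from `JWT_AUTH_REFRESH_COOKIE`) together as a small, framework-free function so the lookup order and the failure case can be run and checked without Django installed. `FakeSettings`, `FakeRequest`, `extract_refresh_token` and `logout_blacklist` are constructed stand-ins; the `blacklist` set stands in for `RefreshToken(...).blacklist()`. In a real project this logic would live in the custom logout view the opening post mentions, where `request.COOKIES`, `request.data` and `settings` are the real Django/DRF objects.

```python
# Added example (not dj-rest-auth's code): cookie-first refresh-token lookup
# for a logout view, with the body kept as a fallback for non-cookie clients.
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class FakeSettings:
    """Constructed stand-in for django.conf.settings."""
    INSTALLED_APPS: list = field(default_factory=list)
    JWT_AUTH_REFRESH_COOKIE: Optional[str] = None  # None models "setting not configured"


@dataclass
class FakeRequest:
    """Constructed stand-in for a DRF request: parsed body and browser cookies."""
    data: dict = field(default_factory=dict)
    COOKIES: dict = field(default_factory=dict)


class RefreshTokenMissing(Exception):
    """Neither the configured cookie nor the request body carried a refresh token."""


def refresh_cookie_name(settings) -> str:
    # Honour JWT_AUTH_REFRESH_COOKIE as emripka suggests; fall back to 'refresh_token'
    # both when the attribute is absent and when it is left at None.
    return getattr(settings, "JWT_AUTH_REFRESH_COOKIE", None) or "refresh_token"


def extract_refresh_token(request, settings) -> Tuple[str, str]:
    """Return (raw_token, source), source being 'cookie' or 'body'.

    The cookie is checked first: a client that relies on an HttpOnly cookie cannot
    copy the token into the body, so the body only serves clients without the cookie.
    """
    raw = request.COOKIES.get(refresh_cookie_name(settings))
    if raw:
        return raw, "cookie"
    raw = request.data.get("refresh")
    if raw:
        return raw, "body"
    raise RefreshTokenMissing("Refresh token was not included in request data.")


def logout_blacklist(request, settings, blacklist: set) -> dict:
    """Mimic the blacklist branch of a logout view and report the outcome.

    `blacklist` is a constructed stand-in for the simplejwt blacklist table: the raw
    token string is added to it. The returned dict plays the role of response.data
    plus the status code the view would set.
    """
    if "rest_framework_simplejwt.token_blacklist" not in settings.INSTALLED_APPS:
        return {"status": 200, "detail": "Blacklist app not installed; nothing revoked."}
    try:
        raw, source = extract_refresh_token(request, settings)
    except RefreshTokenMissing as err:
        # Same failure the real view reports when it cannot find the token.
        return {"status": 401, "detail": str(err)}
    blacklist.add(raw)
    return {"status": 200, "detail": f"Refresh token from {source} blacklisted."}


if __name__ == "__main__":
    cfg = FakeSettings(INSTALLED_APPS=["rest_framework_simplejwt.token_blacklist"],
                       JWT_AUTH_REFRESH_COOKIE="my-refresh")
    revoked = set()
    # Constructed sample request: browser sends only the HttpOnly cookie.
    print(logout_blacklist(FakeRequest(COOKIES={"my-refresh": "tok-a"}), cfg, revoked))
    # Constructed sample request: no cookie, no body -> 401.
    print(logout_blacklist(FakeRequest(), cfg, revoked))
```

The point of checking the cookie before the body is that the two cannot both be present for a cookie-based client, while a client that never received the cookie still logs out the old way; a missing token in both places is treated as an error rather than silently skipping the blacklist step, because that is what actually revokes the session.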

Could you please write where I should put this code? pleaaaas =)

Nooruzbai avatar Sep 19 '23 09:09 Nooruzbai