
On token refresh, re-encode access token with get_token

Open vazkir opened this issue 2 years ago • 0 comments

Hi,

Currently I am encoding information in my access token like a "client_id" with the get_token method in my CustomTokenObtainSerializer. I am serializing this so that I can then use my middleware to restrict authenticated calls to /int:client_id URLs, by decoding the given token and seeing if it matches the client_id from the incoming request.

This whole approach works fine, but I am now at a point where in the frontend application someone needs to be able to switch between clients, which also updates the Django reference to the client, so the get_token method in the CustomTokenObtainSerializer would then yield the newer client_id. And so, if all requests on the frontend were first done with client_id=2, then after the switch, the next requests could be made with client_id=5.

Basically what I want to do is refresh my access token with the latest client_id encoded, so that I get a new access token which has client_id=5 encoded in it. Currently, after making a call to the refresh endpoint, the access token still has client_id=2 encoded in it.

So the problem at hand is I don't have access to a get_token method when I call my CustomTokenRefreshView with CustomTokenRefreshSerializer, meaning I haven't found a way to get the encoded fields refreshed in my newer access token like the get_token method. The only solution I found is to log the user out and then have them re-authenticate so the CustomTokenObtainSerializer's get_token method is called which now has the right client_id.

I researched what actually happens to the access token when the refresh endpoint is called, and it does seem to change the "exp", "iat" and "jti" fields, as shown in the source code.

Long story short: Is there a way I can update the access token like the get_token method without having to make a new authentication/login request? So perhaps I have the frontend make a call to the refresh token endpoint, and customize how the new access token is created, similar to the TokenObtainSerializer get_token method?

vazkir avatar Jul 29 '22 09:07 vazkir
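The two refresh behaviours the issue contrasts, as an added standard-library example that is neither simplejwt's code nor the issue author's: a minimal HS256 JWT encoder/decoder stands in for the token backend, `get_token` plays the role of the custom `get_token` override (reading `client_id` from the user's current server-side record), `refresh_copying_claims` mirrors what the issue observes at the refresh endpoint (only `exp`, `iat` and `jti` rotate, every other claim is carried over), and `refresh_rederiving_claims` shows the alternative of re-reading the custom claim from the current user state in the refresh path. The `USERS` table, the secret and the claim names other than `exp`/`iat`/`jti`/`user_id` are constructed for the demo. Because middleware authorizes on `client_id`, the decoder verifies the signature before any claim is trusted, and `is_tamper_detected` checks that a client-side edit of that claim is rejected.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed demo key; a real deployment signs with Django's SECRET_KEY or a dedicated key.
SECRET = b"demo-signing-key-not-for-production"

# Constructed stand-in for the Django user row: the "current client" reference
# lives server-side and can change between requests (the switch in the issue).
USERS = {1: {"client_id": 2}}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode(claims: dict) -> str:
    """Minimal HS256 JWT encoder (stand-in for the simplejwt token backend)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode(token: str) -> dict:
    """Verify the signature and expiry before any claim is trusted; raise on failure."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims["exp"] < time.time():
        raise ValueError("expired")
    return claims


def get_token(user_id: int, lifetime: int = 300) -> str:
    """Analogue of the get_token override: the custom claim comes from the
    user's *current* server-side state at the moment the token is minted."""
    now = int(time.time())
    return encode({"user_id": user_id, "client_id": USERS[user_id]["client_id"],
                   "iat": now, "exp": now + lifetime, "jti": uuid.uuid4().hex})


def refresh_copying_claims(old_token: str, lifetime: int = 300) -> str:
    """Refresh as observed in the issue: exp/iat/jti rotate, everything else is
    copied from the presented token, so client_id stays whatever it was at login."""
    claims = decode(old_token)
    now = int(time.time())
    claims.update({"iat": now, "exp": now + lifetime, "jti": uuid.uuid4().hex})
    return encode(claims)


def refresh_rederiving_claims(old_token: str, lifetime: int = 300) -> str:
    """Refresh that re-reads the custom claim from the current user record,
    so the new access token reflects a client switch made after login."""
    claims = decode(old_token)  # still verified: only a valid token may be refreshed
    return get_token(claims["user_id"], lifetime)


def is_tamper_detected(token: str, claim: str, value) -> bool:
    """Rewrite one claim in the payload without re-signing; True if decode rejects it."""
    header, payload, sig = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    claims[claim] = value
    forged = f"{header}.{_b64url(json.dumps(claims, separators=(',', ':')).encode())}.{sig}"
    try:
        decode(forged)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    first = get_token(1)
    USERS[1]["client_id"] = 5  # the user switches client after logging in
    print("copied  :", decode(refresh_copying_claims(first))["client_id"])     # 2 (stale)
    print("rederived:", decode(refresh_rederiving_claims(first))["client_id"])  # 5
    print("tamper detected:", is_tamper_detected(first, "client_id", 9))       # True
```

The point for the middleware in the issue is the second function: whichever serializer mints the new access token at the refresh endpoint has to consult the user's current client reference rather than the claims of the token being refreshed, and the refresh path must still verify the presented token first so that a stale or forged token cannot be exchanged for a fresh one.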