Django simplejwt validate token
I am implementing authentication with Django simpleJwt, and have a question.
I want to create something using the client's JWT. I use the methods provided by simpleJwt to validate and decode the token.
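class AccountBookAPIView(APIView):
    """Account-book endpoint that resolves the caller from a simplejwt access token."""

    def post(self, request):
        """Validate the caller's access token and load the matching user.

        Raises:
            InvalidToken: if no token was supplied, or if
                ``get_validated_token`` rejects the supplied one.
        """
        # Local import: the module's import block is not shown, so the guard
        # below brings its own exception class into scope.
        from rest_framework_simplejwt.exceptions import InvalidToken

        jwt_authenticator = JWTAuthentication()

        # NOTE(review): Django exposes request headers in META as
        # ``HTTP_<NAME>``. Confirm the client really delivers the token under
        # the bare ``access_token`` key; otherwise this lookup is always None.
        raw_access_token = request.META.get('access_token')

        # Fail closed on a missing token. simplejwt token classes treat a
        # ``None`` argument as "build a new token" and skip verification, so
        # passing it on would not validate anything the client sent.
        if not raw_access_token:
            raise InvalidToken("No access token was provided")

        validated_token = jwt_authenticator.get_validated_token(raw_access_token)
        user = jwt_authenticator.get_user(validated_token)
        # NOTE(review): the settings shown with this view list JWTAuthentication
        # under DEFAULT_AUTHENTICATION_CLASSES together with IsAuthenticated, so
        # DRF should already have populated request.user / request.auth before
        # post() runs - confirm whether this manual validation is still needed.
        # (The rest of the handler is not shown.)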
However, I doubt that these methods really validate the token, so I checked the implementation. Below is the code in question.
def get_validated_token(self, raw_token):
    """
    Try ``raw_token`` against every configured token class and return the
    first token wrapper object that accepts it.

    All validation is whatever the token class constructor performs; this
    method adds no checks or lookups of its own. Each ``TokenError`` is
    recorded, and ``InvalidToken`` is raised with the collected messages
    when no configured class accepts the token.
    """
    rejections = []
    for token_class in api_settings.AUTH_TOKEN_CLASSES:
        try:
            token = token_class(raw_token)
        except TokenError as error:
            # Remember why this class refused the token, then try the next one.
            rejections.append(
                {
                    "token_class": token_class.__name__,
                    "token_type": token_class.token_type,
                    "message": error.args[0],
                }
            )
        else:
            # The first class that constructs without a TokenError wins.
            return token

    raise InvalidToken(
        {
            "detail": _("Given token not valid for any token type"),
            "messages": rejections,
        }
    )
# Candidate for ``AuthToken`` in the loop of get_validated_token: one of the
# entries of api_settings.AUTH_TOKEN_CLASSES (presumably the default - confirm).
class AccessToken(Token):
    """Access-token flavour of ``Token``; sets only the type and the lifetime."""

    # NOTE(review): as shown, this class derives from Token alone. In simplejwt
    # the blacklist lookup is supplied by a separate mixin used by the refresh
    # and sliding token classes, so constructing an AccessToken is not expected
    # to consult the outstanding/blacklisted token tables - verify against the
    # installed version.
    token_type = "access"
    lifetime = api_settings.ACCESS_TOKEN_LIFETIME
I can't find the place where the token is validated against the database. To me it looks like the token is merely constructed. Don't I need to check the token against the database (blacklisted and outstanding tokens)?
Please help me. Any answer is welcome.
Below is my settings.py
INSTALLED_APPS = [
    # Django contrib apps
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    # Project apps
    "members",
    "account_books",
    # Third-party: DRF and simplejwt
    "rest_framework",
    "rest_framework_simplejwt",
    # Provides the outstanding/blacklisted token tables used when tokens are
    # blacklisted.
    "rest_framework_simplejwt.token_blacklist",
]
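# DRF defaults: every view requires an authenticated caller, and callers are
# authenticated from a simplejwt token.
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        # The trailing comma is required: without it the parentheses are only
        # grouping and the value is a plain str, not a one-element tuple of
        # authentication class paths.
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
}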
SIMPLE_JWT = {
    # Access tokens stay valid for a full day.
    # NOTE(review): the rotation/blacklist flags below act on refresh tokens;
    # whether an already-issued access token can be rejected before it expires
    # depends on checks not shown here. A shorter access lifetime limits how
    # long a leaked token remains usable - confirm this value is intended.
    "ACCESS_TOKEN_LIFETIME": timedelta(days=1),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=7),
    # Issue a new refresh token on refresh and blacklist the one that was used.
    "ROTATE_REFRESH_TOKENS": True,
    "BLACKLIST_AFTER_ROTATION": True,
    # User model field used to identify the user in the token.
    "USER_ID_FIELD": "member_id",
}