Access Django Rest API using Azure access token and SimpleJWT access token

Need just hint, tried all possible ways.

Any approach is highly appreciated.

Problem statement: access jwt authenticated django rest api using azure ad access token in postman and local app. django app is hosted on azure app service. Challenge: pass two token with different header values in authorisation header such that azure token is also reader with django jwt token.

A. All possible authorisation in postman.

B. Different authorization keys and header values in django jwt settings

  1. I've deployed my django application on azure app service.

  2. I'm using JWT authentication for all rest API's.

  3. I've an azure directory and service principal linked to azure web app.

  4. In postman,

I can get access token from azure active directory(using clientID, Secret, resource, etc.) and use the same token to call django rest api.

  1. I can easily access unauthenticated API just by using azure access taken in authorization bearer header.

  2. For JWT authenticated API, I'm not able to use them (crud operation) as none of my approach is working.

Azure access token header value : Bearer

Django JWT token header value: Bearer, Token, JWT.

Add another custom backend and verify your Azure token by its public key:

https://docs.djangoproject.com/en/4.1/topics/auth/customizing/

And add it next to your SimpleJWT auth backend.


        azure_token = request.headers['AzureToken']  # you can use custom headers or just use `Authentication` with Bearer token. Django will go through every backend to verify it.
        decoded = jwt.decode(azure_token, public_key, algorithms=["RS256"])

If you can decode without error that means your token is generated by Azure AD.

You can follow this question to get your public key https://learn.microsoft.com/en-us/answers/questions/793793/azure-ad-validate-access-token

So I found a solution, if wrong please provide feedback.

I have create an authentication class inheriting JWTAuthentication class. And reading custom headers in request.headers. this way I can provide multiple tokens in a request.

Actually, My application is hosted on azure app service. So have to authenticate send also application have some inbuilt authentication to manage user access, thus need token for the same.

Back to Top