When a custom serializer adds extra fields to the JWT payload and the rest_framework_simplejwt.token_blacklist app has been added to INSTALLED_APPS in settings, the token field in OutstandingToken does not match that returned to the user. The following 2 lines in the code are responsible for entering the string representation of the tokens into the database:
https://github.com/davesque/django-rest-framework-simplejwt/blob/master/rest_framework_simplejwt/tokens.py#L210
and
https://github.com/davesque/django-rest-framework-simplejwt/blob/master/rest_framework_simplejwt/tokens.py#L230
This does not directly influence any of the blacklisting functionality, because it uses the jti to decide if a token is valid; this is more a problem that could cause confusion due to the mismatch between the token in the database and the token given to the user.
So far I have not found a nice solution to this problem from an external standpoint, and it seems action will be required within this codebase to resolve this.
In my specific case I am only adding more user information to the JWT, so making the Token object swappable in django-rest-framework-simplejwt and overwriting the for_user method in my application could be sufficient. It may also remove the need for a custom serializer in this case.
Let me know your thoughts, I'm happy to contribute to the solution if needed.
Or making the TokenBackend swappable and adding additional fields to the payload before encoding could work? User information could be accessed using user = get_user_model().objects.get(id=payload["user_id"])