You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need to allow both RS256 and HS256 authentication. Basically we want to allow users of our API to either login with email/password to get the the token (normal users), or, they provide us their public key to verify their secret key signed JWT signature (external systems using our API). At the moment, drf simplejwt does not seem to allow this without some hacking.
Currently the Token class' __init__ does the following:
# An encoded token was provided
from .state import token_backend
# Decode token
try:
self.payload = token_backend.decode(token, verify=verify)
except TokenBackendError:
raise TokenError(_('Token is invalid or expired'))
Could it instead do something like token_backend = self.get_token_backend() to fetch the backend? This way we could create tokens for different backends (with different algorithms) without having to copy paste the whole init function. This may not be the most elegant way to solve this, as it will still be bit weird to have the single ALGORITHM setting, if multiple could be used.
The text was updated successfully, but these errors were encountered:
We need to allow both RS256 and HS256 authentication. Basically we want to allow users of our API to either login with email/password to get the the token (normal users), or, they provide us their public key to verify their secret key signed JWT signature (external systems using our API). At the moment, drf simplejwt does not seem to allow this without some hacking.
Currently the Token class' __init__ does the following:
Could it instead do something like
token_backend = self.get_token_backend()to fetch the backend? This way we could create tokens for different backends (with different algorithms) without having to copy paste the whole init function. This may not be the most elegant way to solve this, as it will still be bit weird to have the single ALGORITHM setting, if multiple could be used.The text was updated successfully, but these errors were encountered: