Token stored in OutstandingToken and actual token are different when token payload is modified.

[ss-bhat]

The simple JWT document says we can customize token claims from TokenObtainPairSerializer -> get_token class method.

However, if we customize the token according to the above document and enable the blacklist app, the token stored in the OutstandingToken model is different. Because the BlacklistMixin -> for_user is executed before modifying the token.

If the tokens are different, it will be difficult in identifying the token while blacklisting.

Reference:

djangorestframework-simplejwt/rest_framework_simplejwt/tokens.py

Lines 278 to 284 in aa077a4

	OutstandingToken.objects.create(
	user=user,
	jti=jti,
	token=str(token),
	created_at=token.current_time,
	expires_at=datetime_from_epoch(exp),
	)

[sevdog]

To be more specific: it would be very bad if the JTI claim is changed after the for_user method has been called since that claim is used to identify tokens

djangorestframework-simplejwt/rest_framework_simplejwt/tokens.py

Lines 246 to 247 in aa077a4

	if BlacklistedToken.objects.filter(token__jti=jti).exists():
	raise TokenError(_("Token is blacklisted"))

[roshi112]

Any solution for that ?? facing the same issue.