Add support for user based secret key #51
In order to address this issue: jazzband#17, I propose the following solution:

- Add a JWT_SECRET_KEY setting that should be used for hmac algorithm
- The SIGNING_KEY and VERIFYING_KEY should be used only for asymmetric algorithm
- Add a GET_USER_SECRET_KEY setting which expects a function that will be called with the user id as defined by the USER_ID_FIELD and return a key that can change, for instance when the user changed his password
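The per-user key scheme described above, as an added standard-library example that is not code from this PR or from the project: tokens are HS256-signed with a key looked up per user, so changing that user's key material invalidates their outstanding tokens. `get_user_secret_key` here is a hypothetical callback in the role of the proposed GET_USER_SECRET_KEY setting; `SERVER_SECRET`, `USERS`, the hash strings, and the choice to derive the key as an HMAC over the stored password hash are all assumptions.

```python
import base64
import hashlib
import hmac
import json

SERVER_SECRET = b"constructed-server-secret"  # stands in for JWT_SECRET_KEY
# Constructed user store; a real one would hold the stored password hash.
USERS = {7: {"password_hash": "constructed-hash-A"}, 8: {"password_hash": "constructed-hash-B"}}

def _b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def get_user_secret_key(user_id) -> bytes:
    # Hypothetical callback: key changes whenever the stored password hash changes.
    material = USERS[user_id]["password_hash"].encode()
    return hmac.new(SERVER_SECRET, material, hashlib.sha256).digest()

def encode(user_id) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"user_id": user_id}).encode())
    signing_input = header + b"." + payload
    sig = hmac.new(get_user_secret_key(user_id), signing_input, hashlib.sha256).digest()
    return (signing_input + b"." + _b64(sig)).decode()

def decode(token: str) -> dict:
    try:
        header_b64, payload_b64, sig_b64 = token.encode().split(b".")
        header = json.loads(_unb64(header_b64))
        claims = json.loads(_unb64(payload_b64))  # untrusted until the MAC verifies
        if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
            raise ValueError("unexpected algorithm")
        key = get_user_secret_key(claims["user_id"])  # the id only selects a key
        sig = _unb64(sig_b64)
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise ValueError("invalid token") from exc
    expected = hmac.new(key, header_b64 + b"." + payload_b64, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("invalid token")
    return claims

def is_valid(token: str) -> bool:
    try:
        decode(token)
        return True
    except ValueError:
        return False
```

The user id has to be read from the payload before the signature can be checked, so it is used only to select the key and nothing else in the claims is trusted until `hmac.compare_digest` succeeds.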
@davesque This PR is now ready for review, sorry for the noise with the commits I pushed, I had trouble making the test pass, but now everything is fine.

@davesque is this going to be merged? I need this feature and want to know whether I should create my own solution or wait for this one to be merged. Thanks in advance for the response.

Yes, I would like to use this functionality as well.

I would like this also, it would be very useful to be able to revoke access from the backend, unless there is a better way to do this?

Yes, I need it here as well. It will be perfect also for a logout purpose. On django-rest-framework-jwt I have seen it's possible to make it in this way.

Here is another vote for the user-key-based logout functionality (similar to jpadilla/django-rest-framework-jwt#385 (comment)). Any word on the possibility of merging this PR, @davesque?