@BolajiOlajide
Forked from AndrewJHart/jwt_authentication.py
Created September 17, 2017 22:03
JWT authentication middleware for Django REST framework that populates the request.user object
```python
from django.utils.functional import SimpleLazyObject
from django.contrib.auth.models import AnonymousUser

from rest_framework.request import Request
from rest_framework_jwt.authentication import JSONWebTokenAuthentication


def get_user_jwt(request):
    """
    Replacement for django session auth get_user & auth.get_user for
    JSON Web Token authentication. Inspects the token for the user_id,
    attempts to get that user from the DB & assigns the user on the
    request object. Otherwise it defaults to AnonymousUser.

    This will work with existing decorators like LoginRequired, whereas
    the standard restframework_jwt auth only works at the view level
    forcing all authenticated users to appear as AnonymousUser ;)

    Returns: instance of user object or AnonymousUser object
    """
    user = None
    try:
        user_jwt = JSONWebTokenAuthentication().authenticate(Request(request))
        if user_jwt is not None:
            # store the first part from the tuple (user, obj)
            user = user_jwt[0]
    except Exception:
        # Fail closed: a missing, malformed, expired or badly signed token
        # leaves the request unauthenticated instead of raising here.
        pass

    return user or AnonymousUser()


class JWTAuthenticationMiddleware(object):
    """ Middleware for authenticating JSON Web Tokens in Authorization header """

    def process_request(self, request):
        # Lazy: the token is only verified when request.user is first accessed.
        request.user = SimpleLazyObject(lambda: get_user_jwt(request))
```
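The fail-closed behaviour of `get_user_jwt`, shown without Django as an added example that is not part of the gist or of rest_framework_jwt: a stdlib HS256 check stands in for `JSONWebTokenAuthentication().authenticate()`. The key, the `JWT` header prefix handling, and the names `make_token`, `verify` and `get_user` are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # constructed key, not from the gist
ANONYMOUS = "AnonymousUser"            # stand-in for Django's AnonymousUser


def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def unb64(text):
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))


def make_token(claims, key=SECRET, alg="HS256"):
    """Build a compact JWS for the demo (constructed sample input)."""
    head = b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    sig = hmac.new(key, head + b"." + body, hashlib.sha256).digest()
    return (head + b"." + body + b"." + b64(sig)).decode()


def verify(token, key=SECRET, now=None):
    """Return the claims of a valid token; raise for anything else."""
    head, body, sig = token.encode().split(b".")
    if json.loads(unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # pin the algorithm, never trust the header
    want = hmac.new(key, head + b"." + body, hashlib.sha256).digest()
    if not hmac.compare_digest(want, unb64(sig)):   # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(unb64(body))
    # A token without an exp claim is treated as expired.
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("expired")
    return claims


def get_user(authorization_header, now=None):
    """Mirror get_user_jwt: every failure path yields the anonymous user."""
    try:
        scheme, token = authorization_header.split()
        if scheme != "JWT":
            return ANONYMOUS
        return verify(token, now=now)["user_id"]
    except Exception:
        return ANONYMOUS
```

Because every rejection collapses into the anonymous user, a view behind this pattern cannot tell an expired token from a forged one; log the reason inside the `except` branch if that distinction matters for detection.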