JWT Authentication

Last updated 6 months ago

Getting Started

Adding JWT Authentication to your API endpoints is extremely easy. All we'll need to do is import the Authentication class and we're ready to go:

from entry.api import JWTAuthentication
class UserResource(Resource, JsonSerialize, JWTAuthentication):
model = User

Once we have this authentication class, our API endpoint is now behind a JWT authentication wall. If we try to hit our endpoint now we will get an error like:

{ "error": "Authentication token not found" }

and if we pass in a random token we will get:

{ "error": "Invalid token received" }

Generating JWT Tokens

JWT tokens are short lived tokens that follow a 3 part standard.

We can quickly generate a token by adding the JWT tokens to our web.py file. We have two options here. The first option is to append it to the ROUTES constant or simply add it to the list of routes. The choice is yours on what is best for your workflow or your team's workflow.

Option 1:

from entry.api.controllers import JwtGrantController
ROUTES = [
...
JWTGrantController.routes()
...
]

Option 2:

from entry.api.controllers import JwtGrantController
ROUTES = [
...
]
ROUTES += JWTGrantController.routes()

CSRF Middleware

Some of these routes are POST routes. Because they are externally facing, they should not be under CSRF protection. If you are using these routes internally then it might be worth it to keep the CSRF protection on and just pass the CSRF token you receive on that page load.

You can turn off CSRF protection on specific routes by adding them to your exempt attribute on your CSRFMiddleware:

class CsrfMiddleware:
exempt = [
'/jwt/refresh'
]

Routes Available

get
Authenticating

http://localhost:8000/
jwt/authenticate
Authenticating a user to receive a short lived 5 minute JWT token.
Request
Response
Query Parameters
scope
optional
string
Any scopes you are requesting
username
required
string
The username of the user being authenticated
password
required
string
The password of the user being authenticated
200: OK
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3N1ZWQiOiIyMDE4LTA2LTIzVDAxOjIyOjE2Ljk0NzI5NS0wNDowMCIsInNjb3BlcyI6IiIsImV4cGlyZXMiOiIyMDE4LTA2LTIzVDAxOjI3OjE2Ljk0NzQ5NS0wNDowMCJ9.VIn8zN4Tp6M0gP1UnAHrzwIPFxP0mmARAWnvnEl-BX0"
}

post
Refreshing

http://localhost:8000
/jwt/refresh
This endpoint needs to receive a valid JWT token administered by the server in order to get a new one. This can be any valid JWT token that was once created with the server.
Request
Response
Path Parameters
token
required
string
The JWT token you already have assigned to you. This is the token you have been using.
200: OK
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3N1ZWQiOiIyMDE4LTA2LTIzVDAxOjIyOjE2Ljk0NzI5NS0wNDowMCIsInNjb3BlcyI6IiIsImV4cGlyZXMiOiIyMDE4LTA2LTIzVDAxOjI3OjE2Ljk0NzQ5NS0wNDowMCJ9.VIn8zN4Tp6M0gP1UnAHrzwIPFxP0mmARAWnvnEl-BX0"
}

Middleware

This package also adds a jwt middleware you can add to any routes you want to be protected behind JWT. You can use it simply like so:

ROUTES = [
...
Get().route('/url/', 'Controller@show').middleware('jwt')
]

This will make this route protected behind JWT just like any other resource.