Gain insights into creating custom users, using Simple JWT for authentication, sending verification emails, managing tokens, resetting passwords, and testing endpoints in Django RESTful projects.

“Django-Restful Custom User Authentication Using Simple JWT”.png

Django_PostmanClip.tar.gz

initial-setup

installations

custom-model

reg-serializer

reg-view

reg-endpoint-one

reg-endpoint-two

reg-endpoint-three

email-verification-one

email-verification-two

resend-email-verification-one

resend-email-verification-two

login-serializer

login-view

login-view-one

login-endpoint-one

login-endpoint-two

password-reset-serializer

password-reset-email

password-reset-view

password-reset-endpoint-one

password-reset-endpoint-two

user-listing-and-retrieval-one

user-listing-and-retrieval-two

user-logout-and-token-blacklisting-one

user-logout-and-token-blacklisting-two

endpoint-listing-one

endpoint-listing-two

Postman-1

Django-Postman V 1.0-copy

In this course, you will learn to use a package called Simple JWT to help implement JWT authentication in your Django RESTful projects.

In the beginning, you will learn how to create custom users in Django using Django RESTful. Next, you will learn to register users using JWT and send them account verification emails. After that, you will learn how to make custom token claims when logging in users, and also how to refresh the tokens after expiry. You will then learn how to reset passwords and understand how password reset emails work. You will learn to organize your users in Django RESTful, log them out, and also black-list their JWT tokens. You will finish by learning how to manage and test your endpoints by documenting and testing them.

After the completion of this course, you will be able to create custom users in Django RESTful framework, authenticate them using Simple JWT, programmatically send account verification and password reset emails.

Custom User Authentication with Simple JWT in Django RESTful

# User logout
Users who log in using JWT are given access and refresh tokens. They have to use the access token whenever they make requests to protected resources. When it expires, they can renew it using the refresh token. To log out a user in our system, we must ensure that the JWTs they possess cannot get used for accessing the protected resources. However, we can still provide users with new JWTs if they log in again.

We can accomplish that by reducing the expiration time of an access token and blocklisting the refresh token. **Blocklisting** is adding the token to a list of unusable tokens. That makes it impossible for users to request a new access token using their current refresh token.
>**Note:** We use the term "blocklisting," but the Simple JWT package below uses "blacklisting." These terms mean the same thing.

# Setting up the blocklisting app
The Simple JWT package comes with a token blocklisting app. To activate it, we must add it to our list of `INSTALLED_APPS` in the `settings.py` file in our project-level directory.

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'main',
    'rest_framework_simplejwt.token_blacklist', # new
]


After adding the app to the list, we need to run `migrations` to add its models to the database schema using the command below:
 ```bash
py manage.py migrate
```
However, while using the Educative platform playgrounds, we don't have to run the command because it is done for us when we click the "Run" button.

Learn how to blocklist tokens and log out users.

User Logout and Token Blocklisting

About This Course

Registering Custom User Using Simple JWT

Logging in User Using Simple JWT

Resetting User Password

Organizing Users

User Logout

Managing and Testing the Endpoints

Conclusion

Appendix

User Logout and Token Blocklisting

User logout

Setting up the blocklisting app