JSON Web Token

Json web token are used to identify an authenticated user. It is issued by an authentication server and consumed by a client server.

Scenarios that using JWT:

• Authorization: allow users to do various things/ access vrious services after logged in.

• Info exchange: securely transmitting info between parties by using public/private key signature to identify parties.

JWT structure

• Header, two parts: token type and signing algorithm
• Payload, claims: entity info and additional data as necessary. there are three types: registered, public, and private.
• Signature, include an encoded head, an encoded payload and a secret.

How JWT works?

A JWT returned after logged in. Avoid expose it to public unnecessarily. when user need it to access to protected sources, send JWT using the Bearer schema, server will check it after and give access permission accordingly.

Why JWT? VS SWT, SAML

• JSON format is conciser than XML, therefore smaller and more compact, good for transmitting in environment.
• JSON parsers are more common than other formats aka XML etc.
• JWT is easier signing than the rest two, for their design and formatting reasons.

use JWT with Django REST Framework

1, pip install djangorestframework_simplejwt

2, modify Django settings.py

3, modify urls.py in app level

4, usage: Obtain token; refresh token

Django Runserver Is Not Your Production Server

DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests.
--Django Doc

Runserver is designed to just for project testing purpose, it’s slow and insecure. In real world production deployment, we need professional servers: webserver like Apache, Nginx; application servers like WSGI and .net framework for example.

Things I want to know more?

JWT Django project implementation in details.