Code 401 Class 33 Reading Notes

JSON Web Tokens

JSON Web Token(JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

When are they useful?

• Authorization: Most common scenario, allows the user to access routes, services, and resources that are permitted with that token.
• Information Exchange: JSON Web Tokens are a good way of securely transmitting information between parties. This ensures that you can be sure the senders are who they say they are.

Structure

• Header: Typically consists of two parts, the type of token, which JWT, and the signing algorithm being used.
• Payload: Contains claims, which are statements about entity and additional data.
  • Registered claims: These are a set of predefined claims which are not mandatory but recommended.
  • Public claims: Can be defined at will by those using JWTs. They should be defined in the IANA JSON Web Token Registry, or as a URI that contains a collision resistant namespace.
  • Private claims: Custom claims to share information between parties that agree on using them and are neither registered or public claims.
• Signature: Takes the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

——————————–

DRF JWT Authentication

1. pip install djangorestframework_simplejwt: installs the recommended library by the DRF developers.
2. settings.py REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': [ 'rest_framework_simplejwt.authentication.JWTAuthentication', ], }
3. urls.py ` from django.urls import path from rest_framework_simplejwt import views as jwt_views

urlpatterns = [ # Your URLs… path(‘api/token/’, jwt_views.TokenObtainPairView.as_view(), name=’token_obtain_pair’), path(‘api/token/refresh/’, jwt_views.TokenRefreshView.as_view(), name=’token_refresh’), ] `

——————————–

Django Runserver Is Not Your Production Server

Do NOT USE THIS SERVER IN A PRODUCTION SETTING> It has not gone through security audits or performance tests.

• The server started with runservers is not guaranteed to be performant (it’s very slow), and it hasn’t been built with security concerns in mind.
• Production Stack: Usually consists of multiple components, each designed and built to be really good at one specific thing. Fast reliable and very focused.
• Django uses uwsgi.py file, which contains a function to be called by the application server. This function gets a Python object representing the incoming request.
  • This function calls your code, and produces a response object which is passed to the WSGI server. There the response is translated into a HTTP response and is passed back to the web server, which finally delivers it to the user.

——————————–

Things I want to know more about

<—BACK