You're just deleting the access token from cookies, but I want to blacklist the refresh and access token at a time.
Where does the access secret come from? 14:47
It is just a word. You can put any word you want. It is part of the encoding and decoding process, and for security reasons, to avoid authorization bridge. If you check the token code generated, you will see two dots (.). The first part of the token code represents the header encoded, the second part represents the payload dictionary that was passed to the function, and the last part represents the "access secret" word that was entered. I believe it is clear now. For example, this is a JWT token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
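The three-segment layout discussed above, as an added example that is not part of the original comments or the video's code. It uses only the Python standard library; the function names and the constructed token are assumptions. Header and payload are only base64url-encoded, and the third segment is an HMAC-SHA256 computed with the secret over the first two segments, so changing the payload or using a different secret makes verification fail.

```python
import base64, hashlib, hmac, json

# Token quoted in the comment above.
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
              "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")

def b64url_decode(seg):
    # JWT segments are unpadded base64url; restore the padding first.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _mac(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(payload, secret):
    # Hypothetical helper that builds a constructed HS256 token for the demo.
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64url_encode(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, payload))
    return signing_input + "." + b64url_encode(_mac(signing_input, secret))

def inspect_token(token):
    # No secret needed: header and payload are encoded, not encrypted.
    h, p, s = token.split(".")
    return {"header": json.loads(b64url_decode(h)),
            "payload": json.loads(b64url_decode(p)),
            "signature_bytes": len(b64url_decode(s))}

def verify_hs256(token, secret):
    try:
        h, p, s = token.split(".")
        header, sig = json.loads(b64url_decode(h)), b64url_decode(s)
    except ValueError:
        return False  # wrong segment count, bad base64 or bad JSON
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # accept only the algorithm we expect
    # Third segment = HMAC-SHA256(secret, "header.payload"), compared in constant time.
    return hmac.compare_digest(_mac(h + "." + p, secret), sig)

if __name__ == "__main__":
    token = sign_hs256({"user_id": 1}, "access_secret")  # constructed sample
    print(inspect_token(PAGE_TOKEN))
    print(verify_hs256(token, "access_secret"), verify_hs256(token, "refresh_secret"))
```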
Thanks so much for this video. Is it good to work with tokens stored in cookies or a database?
API refresh is not working; it always returns unauthenticated. I checked the refresh token in the cookies and it is present.
```python
import datetime

import jwt
from rest_framework import exceptions


def create_access_token(id):
    # Short-lived access token signed with the access secret
    return jwt.encode({
        'user_id': id,
        'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=30),
        'iat': datetime.datetime.utcnow()
    }, 'access_secret', algorithm='HS256')


def decode_access_token(token):
    try:
        # algorithms takes a list of accepted algorithms
        payload = jwt.decode(token, 'access_secret', algorithms=['HS256'])
        return payload['user_id']
    except Exception:
        raise exceptions.AuthenticationFailed('unauthenticated')


def create_refresh_token(id):
    # Longer-lived refresh token signed with a separate secret
    return jwt.encode({
        'user_id': id,
        'exp': datetime.datetime.utcnow() + datetime.timedelta(days=7),
        'iat': datetime.datetime.utcnow()
    }, 'refresh_secret', algorithm='HS256')


def decode_refresh_token(token):
    try:
        payload = jwt.decode(token, 'refresh_secret', algorithms=['HS256'])
        return payload['user_id']
    except Exception:
        raise exceptions.AuthenticationFailed('unauthenticated')
```
**Do not forget to decode your jwtToken before sending it to refresh.**
You need to remove the b'' from byte strings... so:
return jwt.encode({...}).decode('utf-8')