This directory contains extensions to enable JWT Authentication for your endpoints.
JWT Authentication is mainly enabled by the JwtAuthentication class, which is a Django Rest Framework (DRF) authentication class. The REST endpoint declares which type(s) of authentication it supports or defaults to the DEFAULT_AUTHENTICATION_CLASSES value in DRF's REST_FRAMEWORK Django setting.
Here is an example of using Django Settings to set JwtAuthentication and SessionAuthentication as default for your Django application:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'edx_rest_framework_extensions.auth.jwt.authentication.JwtAuthentication',
'rest_framework.authentication.SessionAuthentication',
),
}
Here is an example of a DRF API endpoint implemented using JwtAuthentication explicitly:
from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
from rest_framework.views import APIView
class MyAPIView(APIView):
authentication_classes = (JwtAuthentication, )
...
Additional notes about this class:
- JwtAuthentication extends the JSONWebTokenAuthentication class implemented in the django-rest-framework-jwt library.
- JwtAuthentication is used to authenticate an API request only if it is listed in the endpoint's authentication_classes and the request's Authorization header specifies "JWT" instead of "Bearer".
- Note: The Credentials service has its own implementation of JwtAuthentication and should be converted to use this common implementation.