13 Matching Annotations
  1. Feb 2020
    1. if you’re using user federation (things like single sign-on and OpenID Connect), JWTs become important because you need a way to validate a user’s identity via a third party.
    2. If you’re building API services that need to support server-to-server or client-to-server (like a mobile app or single page app (SPA)) communication, using JWTs as your API tokens is a very smart idea.
    3. If your website is popular and has many users, cache your sessions in a backend like memcached or redis, and you can easily scale your service with very little hassle.
    4. in most web authentication cases, the JWT data is stored in a session cookie anyways, meaning that there are now two levels of signing. One on the cookie itself, and one on the JWT.
    5. Almost every web framework loads the user on every incoming request. This includes frameworks like Django, Rails, Express.js (if you’re using an authentication library), etc. This means that even for sites that are primarily stateless, the web framework you’re using is still loading the user object regardless.
    6. since JWTs are larger (in bytes) and also require CPU to compute cryptographic signatures, they’re actually significantly slower than traditional sessions when used in this manner.
    7. This means that on most websites, the stateless benefits of a JWT are not being taken advantage of.
  2. Oct 2017
    1. http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication

Try turning on token-based authentication in DRF (http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication), then follow the usual install of DRF-JWT, then add djoser, and it works right out of the box with no modifications to the code.

  3. Dec 2016
    1. Sometimes you may want to manually generate a token, for example to return a token to the user immediately after account creation. You can do this as follows:
  4. Oct 2015
  5. May 2015
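The Feb 2020 highlights above (a JWT stored inside an already-signed session cookie, two signing layers, the larger and slower token, and the user object still loaded on every request) and the Dec 2016 highlight about generating a token by hand are both illustrated by the following added example. It is not code from this page, from Django, or from DRF-JWT; the HS256 signing, the signed-cookie wrapper, the in-memory `SESSIONS` store standing in for memcached/redis, the `USERS` table, the secret and the timestamps are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET = b"constructed-demo-secret-not-for-production"  # constructed for this example


# ---- minimal HS256 JWT, hand-rolled with the standard library (not a library's API) ----
def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_encode(payload: dict, secret: bytes) -> str:
    """Manually generate a token, e.g. right after account creation."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def jwt_decode(token: str, secret: bytes, now=None) -> dict:
    """Verify the HMAC and the exp claim; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, body, sig = parts
    if json.loads(_unb64url(header)).get("alg") != "HS256":  # never honour an alg we did not choose
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    payload = json.loads(_unb64url(body))
    current = now if now is not None else time.time()
    if "exp" in payload and current >= payload["exp"]:
        raise ValueError("expired")
    return payload


# ---- outer signing layer: a simplified stand-in for a framework's signed session cookie ----
def sign_cookie(value: str, secret: bytes) -> str:
    mac = hmac.new(secret, value.encode(), hashlib.sha256).digest()
    return f"{value}:{_b64url(mac)}"


def unsign_cookie(cookie: str, secret: bytes) -> str:
    value, _, mac = cookie.rpartition(":")
    expected = hmac.new(secret, value.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(mac)):
        raise ValueError("cookie tampered")
    return value


# ---- server side: constructed user table, session store and a counter for user loads ----
USERS = {42: {"id": 42, "username": "alice", "is_admin": False}}
SESSIONS = {}            # stand-in for memcached/redis
LOAD_COUNT = {"n": 0}    # how often the framework hit the user store


def load_user(user_id: int) -> dict:
    LOAD_COUNT["n"] += 1
    return USERS[user_id]


def issue_session_cookie(user_id: int) -> str:
    sid = secrets.token_hex(16)         # opaque id; all state lives in SESSIONS
    SESSIONS[sid] = user_id
    return sign_cookie(sid, SECRET)


def issue_jwt_cookie(user_id: int, now: float) -> str:
    token = jwt_encode({"sub": user_id, "iat": int(now), "exp": int(now) + 3600}, SECRET)
    return sign_cookie(token, SECRET)    # JWT signature wrapped in a second, cookie-level signature


def request_with_session(cookie: str) -> dict:
    return load_user(SESSIONS[unsign_cookie(cookie, SECRET)])


def request_with_jwt(cookie: str, now: float) -> dict:
    claims = jwt_decode(unsign_cookie(cookie, SECRET), SECRET, now=now)
    return load_user(claims["sub"])      # claims are verified, then the user is loaded anyway


def run_demo(now: float = 1_700_000_000.0) -> dict:
    """Exercise both flows and report sizes, user loads and the two rejection cases."""
    LOAD_COUNT["n"] = 0
    sess, jwtc = issue_session_cookie(42), issue_jwt_cookie(42, now)
    request_with_session(sess)
    request_with_jwt(jwtc, now)
    forged = sign_cookie(jwt_encode({"sub": 42, "exp": int(now) + 3600}, b"attacker-key"), SECRET)
    try:
        request_with_jwt(forged, now)
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    try:
        request_with_jwt(jwtc, now + 7200)
        expired_rejected = False
    except ValueError:
        expired_rejected = True
    return {"session_bytes": len(sess), "jwt_bytes": len(jwtc), "user_loads": LOAD_COUNT["n"],
            "forged_rejected": forged_rejected, "expired_rejected": expired_rejected}


if __name__ == "__main__":
    print(run_demo())
```

Running `run_demo()` shows the JWT-in-cookie being more than twice the size of the opaque session cookie, two HMAC checks per JWT request against one for the session, and the user store being hit once per request in both flows, which is the point the Feb 2020 highlights make: unless the request handler acts on the verified claims instead of calling `load_user`, the stateless property of the JWT buys nothing. The forged and expired cases are kept in the demo because a hand-rolled `jwt_decode` that skips either check is the usual way this pattern goes wrong.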