
Namratha

01/20/2023, 5:04 AM
I'm working on JWT authentication for my application using SuperTokens. I'm getting some middleware errors:

rp

01/20/2023, 5:45 AM
Hey @Namratha
What is the request that you are sending?
And which recipes have you initialised on the backend?

Namratha

01/20/2023, 6:12 AM
i want to write jwt decode code in python django:
    import JsonWebToken from 'jsonwebtoken';
    // Truncated for display
    let certificate = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhki...\n-----END PUBLIC KEY-----";
    let jwt = "...";
    JsonWebToken.verify(jwt, certificate, function (err, decoded) {
        let decodedJWT = decoded;
        // Use JWT
    });
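python:
    import jwt  # PyJWT
    from cryptography.hazmat.primitives.serialization import load_pem_public_key
    from django.http import JsonResponse
    def verify_jwt_view(request):  # wrapper view added so the returns are valid; the name is illustrative
        auth_header = request.headers.get('Authorization')
        if auth_header:
            try:
                token = auth_header.split(' ')[1]
                # Key body left as posted
                cert_str = (
                    "-----BEGIN PUBLIC KEY-----\n"
                    "xwIDAQAB\n"
                    "-----END PUBLIC KEY-----\n"
                )
                # This PEM is a bare public key, not an X.509 certificate, so it is
                # loaded with load_pem_public_key, which expects bytes.
                public_key = load_pem_public_key(cert_str.encode())
                decoded_token = jwt.decode(token, public_key, algorithms=['RS256'])
                # Your code to handle the valid token here
                return JsonResponse({'message': 'Token is valid'})
            except jwt.DecodeError:
                return JsonResponse({'error': 'Invalid token'}, status=401)
        else:
            return JsonResponse({'error': 'Authorization header is missing'}, status=401)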
recipes list:
    recipe_list=[
        session.init(),  # initializes session features
        passwordless.init(
            flow_type="USER_INPUT_CODE",
            contact_config=ContactEmailOrPhoneConfig()
        ),
        jwt.init(),
    ],
    MIDDLEWARE = [
        "django.middleware.security.SecurityMiddleware",
        "django.contrib.sessions.middleware.SessionMiddleware",
        "corsheaders.middleware.CorsMiddleware",
        "django.middleware.common.CommonMiddleware",
        "django.middleware.csrf.CsrfViewMiddleware",
        "django.contrib.auth.middleware.AuthenticationMiddleware",
        "django.contrib.messages.middleware.MessageMiddleware",
        "django.middleware.clickjacking.XFrameOptionsMiddleware",
        "debug_toolbar.middleware.DebugToolbarMiddleware",
        "debug_toolbar_force.middleware.ForceDebugToolbarMiddleware",
        "supertokens_python.framework.django.django_middleware.middleware",
    ]

rp

01/20/2023, 8:48 AM
can i see the request that you are sending?

Namratha

01/20/2023, 8:50 AM
sure

rp

01/20/2023, 8:52 AM
right. And i assume that you are calling the jwks endpoint to verify the token?
in the session.init function call, you should enable jwt as well as shown here: https://supertokens.com/docs/session/common-customizations/sessions/with-jwt/enabling-jwts

Namratha

01/20/2023, 11:45 AM
yes i have enabled jwt

rp

01/20/2023, 11:46 AM
and now if you query the jwks endpoint while verifying the JWT, does it work?

Namratha

01/20/2023, 11:47 AM
no.. not only this endpoint.. any endpoint calling with header "authorization" is giving me unauthorized error

rp

01/20/2023, 11:49 AM
are you using the get_session function from our SDK? Cause that won't work with JWTs
Also, the certificate that you have in your code:
let certificate = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhki...\n-----END PUBLIC KEY-----";
where does that come from?

Namratha

01/20/2023, 11:54 AM
i tried Microservice Auth for jwt

rp

01/20/2023, 11:55 AM
So you are getting a jwt.DecodeError right? Can you print out the full error message / stack

Namratha

01/20/2023, 11:58 AM
ok

rp

01/20/2023, 12:05 PM
i don't see the error stack here

Namratha

01/20/2023, 12:11 PM
i want to implement jwt authentication for all endpoints in my application
what should i do for that?

rp

01/20/2023, 12:13 PM
Can i see the full error stack?

Namratha

01/20/2023, 12:14 PM
We are using supertoken passwordless recipe, everything is working with respect to that
where can i see the error stack?

rp

01/20/2023, 12:15 PM
in python. Where you do "except jwt.DecodeError:". Print out the full exception

Namratha

01/30/2023, 1:51 AM
Hi.. In microservice auth recipe, i want to implement m2 in python django (verify jwt section)

rp

01/30/2023, 5:00 AM
@Namratha can you please be more specific with your question?

Namratha

01/30/2023, 6:06 AM
i'm using microservice auth recipe for my python django application. I created JWT token. But JWT verification code which you have given is not in python django. i want to do jwt verification in python django

rp

01/30/2023, 6:06 AM
i see. The jwt verification is a standard process. Please google how it's done in python

Namratha

01/30/2023, 6:29 AM
ok. I am using override_passwordless_apis to override the standard response of passwordless recipe when we submit otp. In response i want role of the user too

rp

01/30/2023, 6:42 AM
the role is added to the session.
You can read it from the session's payload as shown in our docs

Namratha

01/30/2023, 7:09 AM
i don't want to use sessions

rp

01/30/2023, 7:22 AM
You can always make another API which returns the user's role

Namratha

01/30/2023, 7:44 AM
that i have done.. but if i could add this role in override_passwordless_apis response, it would be useful

rp

01/30/2023, 7:45 AM
check out the sending custom API response section. Which recipe are you using?

Namratha

01/30/2023, 7:53 AM
passwordless and user roles

Namratha

01/30/2023, 10:37 AM
Thanks it worked
is there any limit for OTP validation for same phone number

rp

01/30/2023, 10:39 AM
limit as in? There is a retry limit before which the user has to restart the flow
also, please create different threads for different questions