Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Title
n
Namratha
01/20/2023, 5:04 AMI'm working on jwt authentication for my application using super tokens.. I'm getting some middleware errors:
r
rp
01/20/2023, 5:45 AMHey @Namratha
What is the request that you are sending?
And which recipes have you initialised on the backend?
n
Namratha
01/20/2023, 6:12 AMi want to write jwt decode code in python django:
import JsonWebToken from 'jsonwebtoken';
// Truncated for display
let certificate = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhki...\n-----END PUBLIC KEY-----";
let jwt = "...";
JsonWebToken.verify(jwt, certificate, function (err, decoded) {
let decodedJWT = decoded;
// Use JWT
});
python:
auth_header = request.headers.get('Authorization')
if auth_header:
try:
token = auth_header.split(' ')[1]
cert_str = '''-----BEGIN PUBLIC KEY----
xwIDAQAB
-----END PUBLIC KEY-----'''
cert_obj = load_pem_x509_certificate(cert_str, default_backend())
public_key = cert_obj.public_key()
decoded_token = jwt.decode(token, public_key, algorithms=['RS256'])
# Your code to handle the valid token here
return JsonResponse({'message': 'Token is valid'})
except jwt.DecodeError:
return JsonResponse({'error': 'Invalid token'}, status=401)
else:
return JsonResponse({'error': 'Authorization header is missing'}, status=401)
recipes list:
recipe_list=[
session.init(), # initializes session features
passwordless.init(
flow_type="USER_INPUT_CODE",
contact_config=ContactEmailOrPhoneConfig()
),
jwt.init(),
],
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"debug_toolbar.middleware.DebugToolbarMiddleware",
"debug_toolbar_force.middleware.ForceDebugToolbarMiddleware",
"supertokens_python.framework.django.django_middleware.middleware",
]
r
rp
01/20/2023, 8:48 AMcan i see the request that you are sending?
n
Namratha
01/20/2023, 8:50 AMsure
r
rp
01/20/2023, 8:52 AMright. And i assume that you are calling the jwks endpoint to verify the token?
in the session.init function call, you should enable jwt as well as shown here: https://supertokens.com/docs/session/common-customizations/sessions/with-jwt/enabling-jwts
n
Namratha
01/20/2023, 11:45 AMyes i have enabled jwt
r
rp
01/20/2023, 11:46 AMand now if you query the jwks endnpoint while verifying the JWT, does it work?
n
Namratha
01/20/2023, 11:47 AMno.. not only this endpoint.. any endpoint calling with header "authorization" is giving me unauthorized error
r
rp
01/20/2023, 11:49 AMare you using the get_session function from our SDK? Cause that won't work with JWTs
Also, the certificate that you have in your code:
let certificate = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhki...\n-----END PUBLIC KEY-----";n
Namratha
01/20/2023, 11:54 AMi tried Microservice Auth for jwt
r
rp
01/20/2023, 11:55 AMSo you are getting a
jwt.DecodeErrorn
Namratha
01/20/2023, 11:58 AMok
r
rp
01/20/2023, 12:05 PMi don't see the error stack here
n
Namratha
01/20/2023, 12:11 PMi want to implement jwt authentication for all endpoints in my application
what should i do for that?
r
rp
01/20/2023, 12:13 PMCan i see the full error stack?
n
Namratha
01/20/2023, 12:14 PMWe are using supertoken passwordless recipe, everything is working with respect to that
where can i c the error stack?
r
rp
01/20/2023, 12:15 PMin python. Where you do
except jwt.DecodeError:n
Namratha
01/30/2023, 1:51 AMHi.. In microservice auth recipe, i want to implement m2 in python django (verify jwt section)
r
rp
01/30/2023, 5:00 AM@Namratha can you please be more specific with your question?
n
Namratha
01/30/2023, 6:06 AMi'm using microservice auth recipe for my python django application. I created JWT token. But JWT verification code which u have given is not in python django. i want to do jwt verification in python django
r
rp
01/30/2023, 6:06 AMi see. The jwt verification is a standard process. Please google how it's done in python
n
Namratha
01/30/2023, 6:29 AMok. I am using override_passwordless_apis to override the standard response of passwordless recipe when we submit otp. In response i want role of the user too
r
rp
01/30/2023, 6:42 AMthe role is added to the session.
You can read it from the session's payload as shown in our docs
n
Namratha
01/30/2023, 7:09 AMi don't want to use sessions
r
rp
01/30/2023, 7:22 AMYou can always make another API which returns the user's role
n
Namratha
01/30/2023, 7:44 AMthat i have done.. but if i could add this role in override_passwordless_apis response, it would be usefull
r
rp
01/30/2023, 7:45 AMcheckout the sending custom API response section. Which recipe are you using?
n
Namratha
01/30/2023, 7:53 AMpasswordless and user roles
n
Namratha
01/30/2023, 10:37 AMThanks it worked
is there any limit for OTP validation for same phonenumber
r
rp
01/30/2023, 10:39 AMlimit as in? There is a retry limit before which the user has to restart the flow
also, please create different threads
for different questions