I'm working on jwt authentication for my applicati...
# support-questions
n
I'm working on jwt authentication for my application using super tokens.. I'm getting some middleware errors:
r
Hey @Namratha
What is the request that you are sending?
And which recipes have you initialised on the backend?
n
i want to write jwt decode code in python django:
import JsonWebToken from 'jsonwebtoken'; // Truncated for display let certificate = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhki...\n-----END PUBLIC KEY-----"; let jwt = "..."; JsonWebToken.verify(jwt, certificate, function (err, decoded) { let decodedJWT = decoded; // Use JWT });
python: auth_header = request.headers.get('Authorization') if auth_header: try: token = auth_header.split(' ')[1] cert_str = '''-----BEGIN PUBLIC KEY---- xwIDAQAB -----END PUBLIC KEY-----''' cert_obj = load_pem_x509_certificate(cert_str, default_backend()) public_key = cert_obj.public_key() decoded_token = jwt.decode(token, public_key, algorithms=['RS256']) # Your code to handle the valid token here return JsonResponse({'message': 'Token is valid'}) except jwt.DecodeError: return JsonResponse({'error': 'Invalid token'}, status=401) else: return JsonResponse({'error': 'Authorization header is missing'}, status=401)
recipes list: recipe_list=[ session.init(), # initializes session features passwordless.init( flow_type="USER_INPUT_CODE", contact_config=ContactEmailOrPhoneConfig() ), jwt.init(), ],
MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", "django.contrib.sessions.middleware.SessionMiddleware", "corsheaders.middleware.CorsMiddleware", "django.middleware.common.CommonMiddleware", "django.middleware.csrf.CsrfViewMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", "debug_toolbar.middleware.DebugToolbarMiddleware", "debug_toolbar_force.middleware.ForceDebugToolbarMiddleware", "supertokens_python.framework.django.django_middleware.middleware", ]
r
can i see the request that you are sending?
n
sure
r
right. And i assume that you are calling the jwks endpoint to verify the token?
in the session.init function call, you should enable jwt as well as shown here: https://supertokens.com/docs/session/common-customizations/sessions/with-jwt/enabling-jwts
n
yes i have enabled jwt
r
and now if you query the jwks endnpoint while verifying the JWT, does it work?
n
no.. not only this endpoint.. any endpoint calling with header "authorization" is giving me unauthorized error
r
are you using the get_session function from our SDK? Cause that won't work with JWTs
Also, the certificate that you have in your code:
Copy code
let certificate = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhki...\n-----END PUBLIC KEY-----";
where does that come from?
n
i tried Microservice Auth for jwt
r
So you are getting a
jwt.DecodeError
right? Can you print out the full error message / stack
n
ok
r
i don't see the error stack here
n
i want to implement jwt authentication for all endpoints in my application
what should i do for that?
r
Can i see the full error stack?
n
We are using supertoken passwordless recipe, everything is working with respect to that
where can i c the error stack?
r
in python. Where you do
except jwt.DecodeError:
. Print out the full exception
n
Hi.. In microservice auth recipe, i want to implement m2 in python django (verify jwt section)
r
@Namratha can you please be more specific with your question?
n
i'm using microservice auth recipe for my python django application. I created JWT token. But JWT verification code which u have given is not in python django. i want to do jwt verification in python django
r
i see. The jwt verification is a standard process. Please google how it's done in python
n
ok. I am using override_passwordless_apis to override the standard response of passwordless recipe when we submit otp. In response i want role of the user too
r
the role is added to the session.
You can read it from the session's payload as shown in our docs
n
i don't want to use sessions
r
You can always make another API which returns the user's role
n
that i have done.. but if i could add this role in override_passwordless_apis response, it would be usefull
r
checkout the sending custom API response section. Which recipe are you using?
n
passwordless and user roles
n
Thanks it worked
is there any limit for OTP validation for same phonenumber
r
limit as in? There is a retry limit before which the user has to restart the flow
also, please create different threads
for different questions
3 Views