I'm working on jwt authentication for my applicati...
# support-questionsn
Namratha
01/20/2023, 5:04 AMI'm working on jwt authentication for my application using super tokens.. I'm getting some middleware errors:
r
rp
01/20/2023, 5:45 AMHey @Namratha
rp
01/20/2023, 5:45 AMWhat is the request that you are sending?
rp
01/20/2023, 5:46 AMAnd which recipes have you initialised on the backend?
n
Namratha
01/20/2023, 6:12 AMi want to write jwt decode code in python django:
Namratha
01/20/2023, 6:12 AMimport JsonWebToken from 'jsonwebtoken';
// Truncated for display
let certificate = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhki...\n-----END PUBLIC KEY-----";
let jwt = "...";
JsonWebToken.verify(jwt, certificate, function (err, decoded) {
let decodedJWT = decoded;
// Use JWT
});
Namratha
01/20/2023, 6:14 AMpython:
auth_header = request.headers.get('Authorization')
if auth_header:
try:
token = auth_header.split(' ')[1]
cert_str = '''-----BEGIN PUBLIC KEY----
xwIDAQAB
-----END PUBLIC KEY-----'''
cert_obj = load_pem_x509_certificate(cert_str, default_backend())
public_key = cert_obj.public_key()
decoded_token = jwt.decode(token, public_key, algorithms=['RS256'])
# Your code to handle the valid token here
return JsonResponse({'message': 'Token is valid'})
except jwt.DecodeError:
return JsonResponse({'error': 'Invalid token'}, status=401)
else:
return JsonResponse({'error': 'Authorization header is missing'}, status=401)
Namratha
01/20/2023, 6:14 AMrecipes list:
recipe_list=[
session.init(), # initializes session features
passwordless.init(
flow_type="USER_INPUT_CODE",
contact_config=ContactEmailOrPhoneConfig()
),
jwt.init(),
],
Namratha
01/20/2023, 6:16 AMMIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"debug_toolbar.middleware.DebugToolbarMiddleware",
"debug_toolbar_force.middleware.ForceDebugToolbarMiddleware",
"supertokens_python.framework.django.django_middleware.middleware",
]
r
rp
01/20/2023, 8:48 AMcan i see the request that you are sending?
n
Namratha
01/20/2023, 8:50 AMsure
r
rp
01/20/2023, 8:52 AMright. And i assume that you are calling the jwks endpoint to verify the token?
rp
01/20/2023, 8:53 AMin the session.init function call, you should enable jwt as well as shown here: https://supertokens.com/docs/session/common-customizations/sessions/with-jwt/enabling-jwts
n
Namratha
01/20/2023, 11:45 AMyes i have enabled jwt
r
rp
01/20/2023, 11:46 AMand now if you query the jwks endnpoint while verifying the JWT, does it work?
n
Namratha
01/20/2023, 11:47 AMno.. not only this endpoint.. any endpoint calling with header "authorization" is giving me unauthorized error
r
rp
01/20/2023, 11:49 AMare you using the get_session function from our SDK? Cause that won't work with JWTs
rp
01/20/2023, 11:49 AMAlso, the certificate that you have in your code:
Copy code
let certificate = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhki...\n-----END PUBLIC KEY-----";n
Namratha
01/20/2023, 11:54 AMi tried Microservice Auth for jwt
r
rp
01/20/2023, 11:55 AMSo you are getting a
jwt.DecodeErrorn
Namratha
01/20/2023, 11:58 AMok
r
rp
01/20/2023, 12:05 PMi don't see the error stack here
n
Namratha
01/20/2023, 12:11 PMi want to implement jwt authentication for all endpoints in my application
Namratha
01/20/2023, 12:11 PMwhat should i do for that?
r
rp
01/20/2023, 12:13 PMCan i see the full error stack?
n
Namratha
01/20/2023, 12:14 PMWe are using supertoken passwordless recipe, everything is working with respect to that
Namratha
01/20/2023, 12:14 PMwhere can i c the error stack?
r
rp
01/20/2023, 12:15 PMin python. Where you do
except jwt.DecodeError:n
Namratha
01/30/2023, 1:51 AMHi.. In microservice auth recipe, i want to implement m2 in python django (verify jwt section)
r
rp
01/30/2023, 5:00 AM@Namratha can you please be more specific with your question?
n
Namratha
01/30/2023, 6:06 AMi'm using microservice auth recipe for my python django application. I created JWT token. But JWT verification code which u have given is not in python django. i want to do jwt verification in python django
r
rp
01/30/2023, 6:06 AMi see. The jwt verification is a standard process. Please google how it's done in python
n
Namratha
01/30/2023, 6:29 AMok. I am using override_passwordless_apis to override the standard response of passwordless recipe when we submit otp. In response i want role of the user too
r
rp
01/30/2023, 6:42 AMthe role is added to the session.
rp
01/30/2023, 6:42 AMYou can read it from the session's payload as shown in our docs
n
Namratha
01/30/2023, 7:09 AMi don't want to use sessions
r
rp
01/30/2023, 7:22 AMYou can always make another API which returns the user's role
n
Namratha
01/30/2023, 7:44 AMthat i have done.. but if i could add this role in override_passwordless_apis response, it would be usefull
r
rp
01/30/2023, 7:45 AMcheckout the sending custom API response section. Which recipe are you using?
n
Namratha
01/30/2023, 7:53 AMpasswordless and user roles
n
Namratha
01/30/2023, 10:37 AMThanks it worked
Namratha
01/30/2023, 10:38 AMis there any limit for OTP validation for same phonenumber
r
rp
01/30/2023, 10:39 AMlimit as in? There is a retry limit before which the user has to restart the flow
rp
01/30/2023, 10:39 AMalso, please create different threads
rp
01/30/2023, 10:39 AMfor different questions
4 Views