JWT_Auth | jwt works | Authentication library

You can make use of tryMap with combine to figure out where the function should return. I'd suggest you take a read of the documentation on it but here is a snippet that should be able to get you moving with it.

Hopefully this is what you mean by the question - I've changed a few things but feel free to take the code as a building block and adapt as needed!

Firstly, I'd recommend to prefer djangorestframework-simplejwt over django-rest-framework-jwt (which is not maintained).

Both have these views basically:

• Obtain token view (ie. login), takes credentials and returns a pair of access and refresh tokens
• Refresh token view, takes a valid refresh token and returns a refreshed access token

You'll have 2 different lifetimes for your tokens. Your access token typically lives for a few minutes whereas your refresh token would stand as long as you'd like your session to be valid.

The access token is used to prove your authentication. When expired, you should request another one thanks to the refresh view. If your refresh token is not valid (expired or blacklisted), you can wipe the authentication state on your client and ask for credentials again to obtain a new pair.

By default, when you authenticate you'll have a refresh token valid until a fixed expiry. Once reached, even if you're active, you'll need to authenticate again.

If you need a slightly short lived session, you may want to mimic Django's SESSION_SAVE_EVERY_REQUEST to postpone the session's expiry. You can achieve this by rotating refresh tokens: when you request a new token to your refresh view, it will issue both renewed access and refresh tokens, and the refresh one would have its expiry postponed. This is covered by djangorestframework-simplejwt thanks to the ROTATE_REFRESH_TOKENS setting.

add JWT before the token in your header

'DEFAULT_PERMISSION_CLASSES' is conventiently applied to all views, unless manually overridden. In your case both listed permissions require the user to be authenticated. FYI, the list is evaluated in an OR fashion.

If you want to allow everyone by default and only tighten down specific views, you want to set

'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.AllowAny']

which does not require the user to be authenticated. Then set more strict permissions explicitly on the view (e.g. permissions_classes = [IsAuthenticated]) The DEFAULT_AUTHENTICATION_CLASS can stay as is.

NOTE: It is generally advisable to do it the other way round. It's very easy to accidentally expose an unsecured endpoint like this and potentially create a security breach in your API. The default should be secure and then exceptions should be be manually lifted.

You get 403 because the aud on the JWT token you've generated is not found on securityDefinitions of your API config.

To allow additional client IDs to access the backend service, you can specify the allowed client IDs in the x-google-audiences field by using comma-separated values. API Gateway then accepts the JWTs with any of the specified client IDs in the aud claim.

Go here and paste your token to see your JWT "aud" claim. If you generated the ID token using gcloud auth, the aud will most likely be a Client ID like 1234567890.apps.googleusercontent.com. But if you generated the token using your own service, then it would depend on what you've specified as a target audience.

To solve the problem, add x-google-audiences field on the securityDefinitions section and the value should match with your JWT "aud" claim.

Assuming that the aud on your JWT token is a Cloud Run service endpoint, then your API config should look like this. Feel free to check the documentation as additional reference:

Your problem is that you have an end-of-line marker in your re_path, so it won't match and delegate to the auth0 urls:

re_path(r"^auth0/?$", include("apps.auth_zero.urls")),

Does not match /auth0/something, only /auth0/ or /auth0. Loose the end of line marker.

create: (ctx) => Auth(),

This ctx is not current context of the page you have to create one object of BuildContext or context is the same for the whole widget tree so you can directly pass context

create: (context) => Auth(), or create: (_) => Auth(),

It was issue with version couch db version

update to 3.1.1