I’ve been exploring various methods outlined in the Auth0 community to integrate Auth0 with Simple JWT in my Django Rest Framework (DRF) project. Currently, my project setup includes djangorestframework-simplejwt version 5.3.1, djangorestframework version 3.14.0, and Django version 4.2.6 for the backend, with React handling the frontend.
Here’s a snippet of my project’s settings.py file detailing the configuration related to authentication and JWT tokens:
```python
from datetime import timedelta

INSTALLED_APPS = [
    # ...
    "rest_framework",
    "rest_framework_simplejwt",
    "rest_framework_simplejwt.token_blacklist",
    # ...
]

REST_FRAMEWORK = {
    # Every endpoint requires an authenticated user by default.
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework_simplejwt.authentication.JWTAuthentication"
    ],
    "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
}

AUTH0_DOMAIN = "my-auth0-domain"
JWT_ISSUER = f"https://{AUTH0_DOMAIN}/"
# auth0_credentials is defined elsewhere in settings.py (not shown in the post).
JWT_AUDIENCE = auth0_credentials["AUTH0_API_AUDIENCE"]
JWKS_URL = f"https://{AUTH0_DOMAIN}/.well-known/jwks.json"

SIMPLE_JWT = {
    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
    "ROTATE_REFRESH_TOKENS": True,
    "BLACKLIST_AFTER_ROTATION": True,
    "UPDATE_LAST_LOGIN": True,
    # Verify RS256 signatures against the keys published at the JWKS URL,
    # and check the audience and issuer claims.
    'ALGORITHM': 'RS256',
    'AUDIENCE': JWT_AUDIENCE,
    'ISSUER': JWT_ISSUER,
    'JWK_URL': JWKS_URL,
    'AUTH_HEADER_TYPES': 'Bearer',
    'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
    # Map the token's "sub" claim to the auth0_sub field on the user model.
    'USER_ID_FIELD': 'auth0_sub',
    'USER_ID_CLAIM': 'sub',
    # Simple JWT's own claims, disabled here.
    "JTI_CLAIM": None,
    "TOKEN_TYPE_CLAIM": None,
}

AUTHENTICATION_BACKENDS = [
    "django.contrib.auth.backends.ModelBackend",
]
```
Is there anything else I need to add or consider for this setup? Your guidance and suggestions are highly appreciated.
Thank you!
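An added example, not part of the original post and not the code of Simple JWT or Auth0: a standard-library sketch of the checks that the `ALGORITHM`, `JWK_URL`, `ISSUER` and `AUDIENCE` settings above ask for, namely a pinned RS256 signature check against a JWKS key plus `iss`, `aud` and `exp` validation. The key, the `kid`, the audience value and the token are constructed for the demonstration; in the project itself a JWT library does this work.

```python
import base64, hashlib, json, time

# Constructed demo key from two well-known primes; far too small for real use.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encoded_message(signing_input, size):  # EMSA-PKCS1-v1_5 with SHA-256
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (size - len(t) - 3) + b"\x00" + t

def sign(claims, alg="RS256"):  # stand-in for the identity provider
    header = {"alg": alg, "typ": "JWT", "kid": "demo-key"}
    body = ".".join(b64u(json.dumps(p).encode()) for p in (header, claims))
    em = int.from_bytes(encoded_message(body.encode(), 64), "big")
    return body + "." + b64u(pow(em, D, N).to_bytes(64, "big"))

def verify(token, jwks, issuer, audience, now=None):
    """Return the claims if signature, iss, aud and exp all pass, else None."""
    try:
        h64, c64, s64 = token.split(".")
        header, claims = json.loads(unb64u(h64)), json.loads(unb64u(c64))
        if header["alg"] != "RS256":  # pin the algorithm; never trust the header
            return None
        jwk = next(k for k in jwks["keys"] if k["kid"] == header["kid"])
        n, e = (int.from_bytes(unb64u(jwk[f]), "big") for f in ("n", "e"))
        size = (n.bit_length() + 7) // 8
        sig = unb64u(s64)
        if len(sig) != size:
            return None
        em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(size, "big")
        if em != encoded_message(f"{h64}.{c64}".encode(), size):
            return None
        aud = claims.get("aud")
        if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
            return None
        return claims if claims["exp"] > (now or time.time()) else None
    except (ValueError, KeyError, TypeError, AttributeError, StopIteration):
        return None

# Constructed sample data (placeholder tenant and API identifier).
ISSUER, AUDIENCE = "https://my-auth0-domain/", "https://api.example.test"
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-key", "n": b64u(N.to_bytes(64, "big")), "e": "AQAB"}]}
TOKEN = sign({"iss": ISSUER, "aud": AUDIENCE, "sub": "auth0|constructed", "exp": 2000})
```

`verify(TOKEN, JWKS, ISSUER, AUDIENCE, now=1000)` returns the claims; a different audience or issuer, an expired `exp`, a swapped payload or a header with another `alg` all return `None`.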