Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 1 changed file with 35 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,29 @@ | ||
# drf-passwordless-jwt | ||
|
||
`drf-passwordless-jwt` is a JWT passwordless authentication service | ||
for the Django REST framework. | ||
`drf-passwordless-jwt` is a RESTful API service that offers passwordless | ||
authentication using JWT. In other words, it's a Single Sign-On (SSO) | ||
service that allows users to log in without using a password. | ||
|
||
## Features | ||
- Email login token | ||
- Obtain JWT token | ||
- Verify JWT token | ||
- Dummy accounts used for development and testing purposes. | ||
|
||
## Usage | ||
|
||
```sh | ||
# Email login token | ||
$ curl -X POST -d "[email protected]" localhost:8000/auth/email/ | ||
{"detail":"A login token has been sent to your email."} | ||
|
||
Enter this token to sign in: 527389 | ||
|
||
# Obtain JWT token | ||
$ curl -X POST -d "[email protected]&token=527389" localhost:8000/auth/jwt/ | ||
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Inh5YkB0ZXN0LmNvbSIsImV4cCI6MTY3NTI2Njg0NH0.a7RgJLEbeFSQeFZ93qjC2iHo_wabglwzBZ9fe9D-rfw","email":"[email protected]"} | ||
|
||
# Verify JWT token | ||
$ curl -X POST -d "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Inh5YkB0ZXN0LmNvbSIsImV4cCI6MTY3NTI2Njg0NH0.a7RgJLEbeFSQeFZ93qjC2iHo_wabglwzBZ9fe9D-rfw" \ | ||
localhost:8000/auth/ | ||
{"email":"[email protected]","exp":"2023-02-01T15:54:04Z"} | ||
|
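Review bot: The new intro sentence "In other words, it's a Single Sign-On (SSO) service" equates passwordless login with SSO, but the usage shown here is an emailed one-time token exchanged for a JWT, which is not the same thing. Suggest dropping the SSO sentence, or saying instead that other services can rely on the issued JWT through the verify endpoint. In the Features list, the "Dummy accounts" bullet should say that it is a fixed login token that skips the email step and is intended for non-production use, and its trailing period should go to match the other bullets.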
@@ -24,6 +34,26 @@ so you can also access this interface through your browser. | |
|
||
![](drf.webp) | ||
|
||
## Dummy accounts | ||
|
||
During development and testing, you may want to use dummy accounts to | ||
save time. To do this, you can configure environment variables. | ||
For example, if you want to use the email address [email protected] to log in, | ||
you can set the environment variable: | ||
```sh | ||
$ export EMAIL_TEST_ACCOUNT_a_at_a_com=123456 | ||
``` | ||
|
||
Then, you can use the command: | ||
```sh | ||
$ curl -X POST -d "[email protected]&token=123456" localhost:8000/auth/jwt/ | ||
``` | ||
|
||
to directly obtain a JWT token without having to first obtain a login | ||
token via email. This way, you can cut out the step of first getting | ||
a login token via email, and immediately receive a JWT token. | ||
This hack could save you significant time. | ||
|
||
## Configuration | ||
|
||
You should customize your configuration to suit your requirements. | ||
|
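Review bot: The "Dummy accounts" section documents a fixed token that skips email verification but never says it must not be configured in a production deployment; anyone who knows or guesses the value in `EMAIL_TEST_ACCOUNT_a_at_a_com=123456` can obtain a JWT for that address. Add an explicit warning, state whether the token is reusable and whether the address is still checked against `EMAIL_WHITE_LIST`, and use a long random value rather than a 6-digit number in the example. The mapping from email address to variable name is shown only by example (`a_at_a_com`); spell out the rule and how addresses that already contain `_` are handled, so that two addresses cannot map to the same variable. The closing paragraph says the same thing twice and ends with "This hack could save you significant time"; one plain sentence is enough.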
@@ -81,6 +111,9 @@ EMAIL_WHITE_LIST = r'.*' | |
# message on rejection | ||
EMAIL_WHITE_LIST_MESSAGE = 'unacceptable email address' | ||
|
||
# dummy account env prefix | ||
EMAIL_TEST_ACCOUNT_PREFIX = 'EMAIL_TEST_ACCOUNT_' | ||
|
||
# specify hosts separeated by commas | ||
CORS_ALLOWED_ORIGINS = '' | ||
|
||
|
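Review bot: The comment on `EMAIL_TEST_ACCOUNT_PREFIX` ("dummy account env prefix") does not tell the operator how to turn the feature off, and the setting ships with a working default, so per the README section above any environment variable starting with `EMAIL_TEST_ACCOUNT_` acts as a login credential. Document which value disables it, or make the default empty so the feature is opt-in, and say so in the comment. While touching this block, "separeated" in the next comment is a typo for "separated".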