CopyPastor

WebSockets *can* include http headers and cookies. Be sure to set the following [djangorestframework-jwt][1] setting, and the Django-Channels 2 middleware below will correctly authenticate your users.
*settings.py* ``` JWT_AUTH = { 'JWT_AUTH_COOKIE': 'JWT', # the cookie will also be sent on WebSocket connections } ```
*routing.py:* ``` from channels.routing import ProtocolTypeRouter, URLRouter from django.urls import path from json_token_auth import JsonTokenAuthMiddlewareStack from yourapp.consumers import SocketCostumer
application = ProtocolTypeRouter({ "websocket": JsonTokenAuthMiddlewareStack( URLRouter([ path("socket/", SocketCostumer), ]), ),
}) ```

*json_token_auth.py* ``` from http import cookies
from channels.auth import AuthMiddlewareStack from django.contrib.auth.models import AnonymousUser from django.db import close_old_connections from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication

class JsonWebTokenAuthenticationFromScope(BaseJSONWebTokenAuthentication): """ Extracts the JWT from a channel scope (instead of an http request) """
def get_jwt_value(self, scope): try: cookie = next(x for x in scope['headers'] if x[0].decode('utf-8') == 'cookie')[1].decode('utf-8') return cookies.SimpleCookie(cookie)['JWT'].value except: return None

class JsonTokenAuthMiddleware(BaseJSONWebTokenAuthentication): """ Token authorization middleware for Django Channels 2 """
def __init__(self, inner): self.inner = inner
def __call__(self, scope):
try: # Close old database connections to prevent usage of timed out connections close_old_connections()
user, jwt_value = JsonWebTokenAuthenticationFromScope().authenticate(scope) scope['user'] = user except: scope['user'] = AnonymousUser()
return self.inner(scope)

def JsonTokenAuthMiddlewareStack(inner): return JsonTokenAuthMiddleware(AuthMiddlewareStack(inner))
```

[1]: http://getblimp.github.io/django-rest-framework-jwt/

The following Django-Channels 2 middleware authenticates JWTs generated by [djangorestframework-jwt][1] .
The token can be set via the djangorestframework-jwt http APIs, and it will also be sent for WebSocket connections __if ```JWT_AUTH_COOKIE``` is defined__.
*settings.py* ``` JWT_AUTH = { 'JWT_AUTH_COOKIE': 'JWT', # the cookie will also be sent on WebSocket connections } ```
*routing.py:* ``` from channels.routing import ProtocolTypeRouter, URLRouter from django.urls import path from json_token_auth import JsonTokenAuthMiddlewareStack from yourapp.consumers import SocketCostumer
application = ProtocolTypeRouter({ "websocket": JsonTokenAuthMiddlewareStack( URLRouter([ path("socket/", SocketCostumer), ]), ),
}) ```

*json_token_auth.py* ``` from http import cookies
from channels.auth import AuthMiddlewareStack from django.contrib.auth.models import AnonymousUser from django.db import close_old_connections from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication

class JsonWebTokenAuthenticationFromScope(BaseJSONWebTokenAuthentication): """ Extracts the JWT from a channel scope (instead of an http request) """
def get_jwt_value(self, scope): try: cookie = next(x for x in scope['headers'] if x[0].decode('utf-8') == 'cookie')[1].decode('utf-8') return cookies.SimpleCookie(cookie)['JWT'].value except: return None

class JsonTokenAuthMiddleware(BaseJSONWebTokenAuthentication): """ Token authorization middleware for Django Channels 2 """
def __init__(self, inner): self.inner = inner
def __call__(self, scope):
try: # Close old database connections to prevent usage of timed out connections close_old_connections()
user, jwt_value = JsonWebTokenAuthenticationFromScope().authenticate(scope) scope['user'] = user except: scope['user'] = AnonymousUser()
return self.inner(scope)

def JsonTokenAuthMiddlewareStack(inner): return JsonTokenAuthMiddleware(AuthMiddlewareStack(inner))
```

[1]: http://getblimp.github.io/django-rest-framework-jwt/

CopyPastor

Possible Plagiarism

Original Post