rest_framework_simplejwt package

Submodules

rest_framework_simplejwt.authentication module

class rest_framework_simplejwt.authentication.JWTAuthentication(*args, **kwargs)

Bases: BaseAuthentication

An authentication plugin that authenticates requests through a JSON web token provided in a request header.

authenticate(request: Request) → tuple[AuthUser, Token] | None

Authenticate the request and return a two-tuple of (user, token).

authenticate_header(request: Request) → str

Return a string to be used as the value of the WWW-Authenticate header in a 401 Unauthenticated response, or None if the authentication scheme should return 403 Permission Denied responses.

get_header(request: Request) → bytes

Extracts the header containing the JSON web token from the given request.

get_raw_token(header: bytes) → bytes | None

Extracts an unvalidated JSON web token from the given “Authorization” header value.

get_user(validated_token: Token) → AuthUser

Attempts to find and return a user using the given validated token.

get_validated_token(raw_token: bytes) → Token

Validates an encoded JSON web token and returns a validated token wrapper object.

media_type = 'application/json'

www_authenticate_realm = 'api'

class rest_framework_simplejwt.authentication.JWTStatelessUserAuthentication(*args, **kwargs)

Bases: JWTAuthentication

An authentication plugin that authenticates requests through a JSON web token provided in a request header without performing a database lookup to obtain a user instance.

get_user(validated_token: Token) → AuthUser

Returns a stateless user object which is backed by the given validated token.

rest_framework_simplejwt.authentication.JWTTokenUserAuthentication

alias of JWTStatelessUserAuthentication

rest_framework_simplejwt.authentication.default_user_authentication_rule(user: AuthUser) → bool

rest_framework_simplejwt.models module

class rest_framework_simplejwt.models.TokenUser(token: Token)

Bases: object

A dummy user class modeled after django.contrib.auth.models.AnonymousUser. Used in conjunction with the JWTStatelessUserAuthentication backend to implement single sign-on functionality across services which share the same secret key. JWTStatelessUserAuthentication will return an instance of this class instead of a User model instance. Instances of this class act as stateless user objects which are backed by validated tokens.

check_password(raw_password: str) → None

delete() → None

get_all_permissions(obj: object | None = None) → set

get_group_permissions(obj: object | None = None) → set

get_username() → str

property groups: Group

has_module_perms(module: str) → bool

has_perm(perm: str, obj: object | None = None) → bool

has_perms(perm_list: list[str], obj: object | None = None) → bool

id

is_active = True

property is_anonymous: bool

property is_authenticated: bool

is_staff

is_superuser

pk

save() → None

set_password(raw_password: str) → None

property user_permissions: Permission

username

rest_framework_simplejwt.serializers module

class rest_framework_simplejwt.serializers.PasswordField(*args, **kwargs)

Bases: CharField

class rest_framework_simplejwt.serializers.TokenBlacklistSerializer(*args, **kwargs)

Bases: Serializer

token_class

alias of RefreshToken

validate(attrs: dict[str, Any]) → dict[Any, Any]

class rest_framework_simplejwt.serializers.TokenFamilyBlacklistSerializer(*args, **kwargs)

Bases: Serializer

token_class

alias of RefreshToken

validate(attrs: dict[str, Any]) → dict[Any, Any]

class rest_framework_simplejwt.serializers.TokenObtainPairSerializer(*args, **kwargs)

Bases: TokenObtainSerializer

token_class

alias of RefreshToken

validate(attrs: dict[str, Any]) → dict[str, str]

class rest_framework_simplejwt.serializers.TokenObtainSerializer(*args, **kwargs)

Bases: Serializer

default_error_messages = {'no_active_account': 'No active account found with the given credentials'}

classmethod get_token(user: AuthUser) → Token

token_class: type[Token] | None = None

username_field = 'username'

validate(attrs: dict[str, Any]) → dict[Any, Any]

class rest_framework_simplejwt.serializers.TokenObtainSlidingSerializer(*args, **kwargs)

Bases: TokenObtainSerializer

token_class

alias of SlidingToken

validate(attrs: dict[str, Any]) → dict[str, str]

class rest_framework_simplejwt.serializers.TokenRefreshSerializer(*args, **kwargs)

Bases: Serializer

default_error_messages = {'no_active_account': 'No active account found for the given token.'}

token_class

alias of RefreshToken

validate(attrs: dict[str, Any]) → dict[str, str]

class rest_framework_simplejwt.serializers.TokenRefreshSlidingSerializer(*args, **kwargs)

Bases: Serializer

token_class

alias of SlidingToken

validate(attrs: dict[str, Any]) → dict[str, str]

class rest_framework_simplejwt.serializers.TokenVerifySerializer(*args, **kwargs)

Bases: Serializer

validate(attrs: dict[str, None]) → dict[Any, Any]

rest_framework_simplejwt.tokens module

class rest_framework_simplejwt.tokens.AccessToken(token: Token | None = None, verify: bool = True)

Bases: Token

lifetime: timedelta | None = datetime.timedelta(seconds=300)

token_type: str | None = 'access'

verify()

Runs standard verification and optionally checks token family status.

class rest_framework_simplejwt.tokens.BlacklistMixin

Bases: Generic[T]

If the rest_framework_simplejwt.token_blacklist app was configured to be used, tokens created from BlacklistMixin subclasses will insert themselves into an outstanding token list and also check for their membership in a token blacklist.

blacklist() → tuple[BlacklistedToken, bool]

Ensures this token is included in the outstanding token list and adds it to the blacklist.

check_blacklist() → None

Checks if this token is present in the token blacklist. Raises TokenError if so.

classmethod for_user(user: AuthUser) → T

Adds this token to the outstanding token list.

outstand() → OutstandingToken | None

Ensures this token is included in the outstanding token list and adds it to the outstanding token list if not.

payload: dict[str, Any]

verify(*args, **kwargs) → None

class rest_framework_simplejwt.tokens.FamilyMixin

Bases: Generic[T]

Tokens created from FamilyMixin subclasses will track token families, enhancing the ability to detect and manage unwanted refresh token reuse.

This is useful for implementing security measures such as blacklisting entire token families upon detected misuse.

payload: dict[str, Any]

class rest_framework_simplejwt.tokens.RefreshToken(token: Token | None = None, verify: bool = True)

Bases: BlacklistMixin[RefreshToken], FamilyMixin[RefreshToken], Token

property access_token: AccessToken

Returns an access token created from this refresh token. Copies all claims present in this refresh token to the new access token except those claims listed in the no_copy_claims attribute.

access_token_class

alias of AccessToken

lifetime: timedelta | None = datetime.timedelta(days=1)

no_copy_claims = ('token_type', 'exp', 'jti', 'jti', 'iat')

token_type: str | None = 'refresh'

class rest_framework_simplejwt.tokens.SlidingToken(*args, **kwargs)

Bases: BlacklistMixin[SlidingToken], Token

lifetime: timedelta | None = datetime.timedelta(seconds=300)

token_type: str | None = 'sliding'

class rest_framework_simplejwt.tokens.Token(token: Token | None = None, verify: bool = True)

Bases: object

A class which validates and wraps an existing JWT or can be used to build a new JWT.

check_exp(claim: str = 'exp', current_time: datetime | None = None) → None

Checks whether a timestamp value in the given claim has passed (since the given datetime value in current_time). Raises a TokenError with a user-facing error message if so.

classmethod for_user(user: AuthUser) → T

Returns an authorization token for the given user that will be provided after authenticating the user’s credentials.

get(key: str, default: Any | None = None) → Any

get_token_backend() → TokenBackend

lifetime: timedelta | None = None

outstand() → OutstandingToken | None

Ensures this token is included in the outstanding token list and adds it to the outstanding token list if not.

set_exp(claim: str = 'exp', from_time: datetime | None = None, lifetime: timedelta | None = None) → None

Updates the expiration time of a token.

See here: https://tools.ietf.org/html/rfc7519#section-4.1.4

set_iat(claim: str = 'iat', at_time: datetime | None = None) → None

Updates the time at which the token was issued.

See here: https://tools.ietf.org/html/rfc7519#section-4.1.6

set_jti() → None

Populates the configured jti claim of a token with a string where there is a negligible probability that the same string will be chosen at a later time.

See here: https://tools.ietf.org/html/rfc7519#section-4.1.7

property token_backend: TokenBackend

token_type: str | None = None

verify() → None

Performs additional validation steps which were not performed when this token was decoded. This method is part of the “public” API to indicate the intention that it may be overridden in subclasses.

verify_token_type() → None

Ensures that the token type claim is present and has the correct value.

class rest_framework_simplejwt.tokens.UntypedToken(token: Token | None = None, verify: bool = True)

Bases: Token

lifetime: timedelta | None = datetime.timedelta(0)

token_type: str | None = 'untyped'

verify_token_type() → None

Untyped tokens do not verify the “token_type” claim. This is useful when performing general validation of a token’s signature and other properties which do not relate to the token’s intended use.

rest_framework_simplejwt.utils module

rest_framework_simplejwt.utils.aware_utcnow() → datetime

rest_framework_simplejwt.utils.datetime_from_epoch(ts: float) → datetime

rest_framework_simplejwt.utils.datetime_to_epoch(dt: datetime) → int

rest_framework_simplejwt.utils.format_lazy(s: str, *args, **kwargs) → str

rest_framework_simplejwt.utils.get_md5_hash_password(password: str) → str

Returns MD5 hash of the given password

rest_framework_simplejwt.utils.make_utc(dt: datetime) → datetime

rest_framework_simplejwt.views module

class rest_framework_simplejwt.views.TokenBlacklistView(**kwargs)

Bases: TokenViewBase

Takes a token and blacklists it. Must be used with the rest_framework_simplejwt.token_blacklist app installed.

class rest_framework_simplejwt.views.TokenFamilyBlacklistView(**kwargs)

Bases: TokenViewBase

Takes a token’s family and blacklists it. Must be used with the rest_framework_simplejwt.token_family app installed.

class rest_framework_simplejwt.views.TokenObtainPairView(**kwargs)

Bases: TokenViewBase

Takes a set of user credentials and returns an access and refresh JSON web token pair to prove the authentication of those credentials.

class rest_framework_simplejwt.views.TokenObtainSlidingView(**kwargs)

Bases: TokenViewBase

Takes a set of user credentials and returns a sliding JSON web token to prove the authentication of those credentials.

class rest_framework_simplejwt.views.TokenRefreshSlidingView(**kwargs)

Bases: TokenViewBase

Takes a sliding JSON web token and returns a new, refreshed version if the token’s refresh period has not expired.

class rest_framework_simplejwt.views.TokenRefreshView(**kwargs)

Bases: TokenViewBase

Takes a refresh type JSON web token and returns an access type JSON web token if the refresh token is valid.

class rest_framework_simplejwt.views.TokenVerifyView(**kwargs)

Bases: TokenViewBase

Takes a token and indicates if it is valid. This view provides no information about a token’s fitness for a particular use.

class rest_framework_simplejwt.views.TokenViewBase(**kwargs)

Bases: GenericAPIView

authentication_classes = ()

get_authenticate_header(request: Request) → str

If a request is unauthenticated, determine the WWW-Authenticate header to use for 401 responses, if any.

get_serializer_class() → type[BaseSerializer]

If serializer_class is set, use it directly. Otherwise get the class from settings.

permission_classes = ()

post(request: Request, *args, **kwargs) → Response

serializer_class: type[BaseSerializer] | None = None

www_authenticate_realm = 'api'

rest_framework_simplejwt.views.token_blacklist(request, *args, **kwargs)

Takes a token and blacklists it. Must be used with the rest_framework_simplejwt.token_blacklist app installed.

rest_framework_simplejwt.views.token_family_blacklist(request, *args, **kwargs)

Takes a token’s family and blacklists it. Must be used with the rest_framework_simplejwt.token_family app installed.

rest_framework_simplejwt.views.token_obtain_pair(request, *args, **kwargs)

Takes a set of user credentials and returns an access and refresh JSON web token pair to prove the authentication of those credentials.

rest_framework_simplejwt.views.token_obtain_sliding(request, *args, **kwargs)

Takes a set of user credentials and returns a sliding JSON web token to prove the authentication of those credentials.

rest_framework_simplejwt.views.token_refresh(request, *args, **kwargs)

Takes a refresh type JSON web token and returns an access type JSON web token if the refresh token is valid.

rest_framework_simplejwt.views.token_refresh_sliding(request, *args, **kwargs)

Takes a sliding JSON web token and returns a new, refreshed version if the token’s refresh period has not expired.

rest_framework_simplejwt.views.token_verify(request, *args, **kwargs)

Takes a token and indicates if it is valid. This view provides no information about a token’s fitness for a particular use.

Module contents