restfamework
.Hello guys .I want to create alot users with some informations like phone number and etc with api Restframework and I dont know how to do that -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c85f50f2-d5e8-48fc-9129-7b30acf9a0d8%40googlegroups.com.
JWT Token
Hello guys I've created token by JWT and My questions 1-how to access to user information by token ? 2-Is that the Right way and is that secure? -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/b766250f-2fa7-4cb0-afc5-2e4a442dad1a%40googlegroups.com.
Re: JWT Token
Thanks for your explanation
After the user send the token to server
What Should I do with the token to access to user id and user name and etc .
This is project is mostly like blog web and when the user authenticate API
returns just post of this user .
I don't know how to reach user information with token in views or
serializer.
On Thu, Aug 22, 2019, 3:14 AM Ronit Mishra
wrote:
> Hi,
>
> First step is to authenticate and obtain the token. For instance, lets
> say your endpoint is /api/token, so it'll only accepts POST requests.
>
> >> post http://127.0.0.1:8000/api/token/ username=mohammad password=123
>
> You can use cURL, or HTTPie or Python's requests module to test this..
> Heck you can go full commando on this, by building an Angular front..
>
> The response will be of form:
>
> {
> "access":
> "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTQ1MjI0MjU5LCJqdGkiOiIyYmQ1NjI3MmIzYjI0YjNmOGI1MjJlNThjMzdjMTdlMSIsInVzZXJfaWQiOjF9.D92tTuVi_YcNkJtiLGHtcn6tBcxLCBxz9FKD3qzhUg8",
>
> "refresh":
> "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTU0NTMxMDM1OSwianRpIjoiMjk2ZDc1ZDA3Nzc2NDE0ZjkxYjhiOTY4MzI4NGRmOTUiLCJ1c2VyX2lkIjoxfQ.rA-mnGRg71NEW_ga0sJoaMODS5ABjE5HnxJDb0F8xAo"
> }
>
> After that you are going to store both the access token and the refresh
> token on the client side, usually in the localStorage.
>
> In order to access the protected views on the backend (i.e., the API
> endpoints that require authentication), you should include the access token
> in the header of all requests, like this:
>
> http://127.0.0.1:8000/hello/ "Authorization: Bearer
> eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTQ1MjI0MjAwLCJqdGkiOiJlMGQxZDY2MjE5ODc0ZTY3OWY0NjM0ZWU2NTQ2YTIwMCIsInVzZXJfaWQiOjF9.9eHat3CvRQYnb5EdcgYFzUyMobXzxlAVh_IAgqyvzCE"
>
>
> Thats it!
>
> And yes its the proper way of doing things!
>
> Cheers, Ronnie
>
>
> On Thu, Aug 22, 2019 at 3:46 AM Mohammad Kokhaee
> wrote:
>
>> Hello guys
>> I've created token by JWT and
>> My questions
>> 1-how to access to user information by token ?
>> 2-Is that the Right way and is that secure?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-users/b766250f-2fa7-4cb0-afc5-2e4a442dad1a%40googlegroups.com
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CACh0Ehy%3DmojgF_jb4EZPcb2%3D1TV75%2BBm6FLODFhaqS7%3DJYL67Q%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-users/CACh0Ehy%3DmojgF_jb4EZPcb2%3D1TV75%2BBm6FLODFhaqS7%3DJYL67Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CAHdYFMMeZos2z-yPhHJ3kk_pwY0vORfUNK%2BZeTMQ%3D-%2BVt61MMA%40mail.gmail.com.
Re: JWT Token
I get that clearly
But how to get the Response
Sorry I'm new
On Thu, Aug 22, 2019, 4:37 AM Ronit Mishra
wrote:
> You woulld be having some api/profile endpoint, in your project where user
> details would be available. Send a post request with access token just like
> I explained in the previous email and you should get the response with
> profile details.
>
> On Thu, Aug 22, 2019 at 5:13 AM Mohammad Kokhaee
> wrote:
>
>> Thanks for your explanation
>> After the user send the token to server
>> What Should I do with the token to access to user id and user name and
>> etc .
>> This is project is mostly like blog web and when the user authenticate
>> API returns just post of this user .
>> I don't know how to reach user information with token in views or
>> serializer.
>>
>> On Thu, Aug 22, 2019, 3:14 AM Ronit Mishra
>> wrote:
>>
>>> Hi,
>>>
>>> First step is to authenticate and obtain the token. For instance, lets
>>> say your endpoint is /api/token, so it'll only accepts POST requests.
>>>
>>> >> post http://127.0.0.1:8000/api/token/ username=mohammad password=123
>>>
>>> You can use cURL, or HTTPie or Python's requests module to test this..
>>> Heck you can go full commando on this, by building an Angular front..
>>>
>>> The response will be of form:
>>>
>>> {
>>> "access":
>>> "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTQ1MjI0MjU5LCJqdGkiOiIyYmQ1NjI3MmIzYjI0YjNmOGI1MjJlNThjMzdjMTdlMSIsInVzZXJfaWQiOjF9.D92tTuVi_YcNkJtiLGHtcn6tBcxLCBxz9FKD3qzhUg8",
>>>
>>> "refresh":
>>> "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTU0NTMxMDM1OSwianRpIjoiMjk2ZDc1ZDA3Nzc2NDE0ZjkxYjhiOTY4MzI4NGRmOTUiLCJ1c2VyX2lkIjoxfQ.rA-mnGRg71NEW_ga0sJoaMODS5ABjE5HnxJDb0F8xAo"
>>> }
>>>
>>> After that you are going to store both the access token and the refresh
>>> token on the client side, usually in the localStorage.
>>>
>>> In order to access the protected views on the backend (i.e., the API
>>> endpoints that require authentication), you should include the access token
>>> in the header of all requests, like this:
>>>
>>> http://127.0.0.1:8000/hello/ "Authorization: Bearer
>>> eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTQ1MjI0MjAwLCJqdGkiOiJlMGQxZDY2MjE5ODc0ZTY3OWY0NjM0ZWU2NTQ2YTIwMCIsInVzZXJfaWQiOjF9.9eHat3CvRQYnb5EdcgYFzUyMobXzxlAVh_IAgqyvzCE"
>>>
>>>
>>> Thats it!
>>>
>>> And yes its the proper way of doing things!
>>>
>>> Cheers, Ronnie
>>>
>>>
>>> On Thu, Aug 22, 2019 at 3:46 AM Mohammad Kokhaee
>>> wrote:
>>>
>>>> Hello guys
>>>> I've created token by JWT and
>>>> My questions
>>>> 1-how to access to user information by token ?
>>>> 2-Is that the Right way and is that secure?
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Django users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to django-users+unsubscr...@googlegroups.com.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/django-users/b766250f-2fa7-4cb0-afc5-2e4a442dad1a%40googlegroups.com
>>>> .
>>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-users/CACh0Ehy%3DmojgF_jb4EZPcb2%3D1TV75%2BBm6FLODFhaqS7%3DJYL67Q%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/django-users/CACh0Ehy%3DmojgF_jb4EZPcb2%3D1TV75%2BBm6FLODFhaqS7%3DJYL67Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/django-users/CAHdYFMMeZos2z-yPhHJ3kk_pwY0
how to secure api?
hi guys ??is that secure the signup user api have no permission and have no authenticate (allow any ) -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/a9d9bd34-80db-4f5d-ba54-15d2ad4b48da%40googlegroups.com.
Re: how to secure api?
i'm saying if i set allow any permission is it secure? because robots can create user nonstop On Saturday, August 24, 2019 at 1:48:29 PM UTC+4:30, DANIEL URBANO DE LA RUA wrote: > > If you are not a member how you do that if not, you have to allow anyone > to become a member of your site > > On Sat, 24 Aug 2019, 09:52 Mohammad Kokhaee wrote: > >> hi guys >> >> >> ??is that secure the signup user api have no permission and have >> no authenticate >> >> >> (allow any ) >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/a9d9bd34-80db-4f5d-ba54-15d2ad4b48da%40googlegroups.com >> >> <https://groups.google.com/d/msgid/django-users/a9d9bd34-80db-4f5d-ba54-15d2ad4b48da%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/7ad8fa10-5b01-42cc-bbc8-0dd4515a02ee%40googlegroups.com.
