Hi Claude JWT's are indeed popular for API's. I think if Django was being created "from the ground up" today, JWT's would be a no-brainer to include, so it seems reasonable to add some support.
I've had a look at the PR, and yes it is indeed a small amount of code - and thanks for the documentation. Have you got any data on how often encrypted vs. non-encrypted JWT's are used? Personally I can't remember from the projects I've worked on which format has been used. Thanks, Adam On Wed, 22 Apr 2020 at 09:57, Claude Paroz <cla...@2xlibre.net> wrote: > For your information, I now added docs to the tentative patch: > > https://github.com/django/django/pull/12728 > > Claude > > Le 15.04.20 à 21:26, Claude Paroz a écrit : > > Thanks Abhijeet for the pointer, I know there are some rather complete > > JWT libs around, but my proposal is not about a complete package to > > manage JWT in general. > > It's rather some low level ability for Django to produce and decode > > simple HS256 JWT. Then other third-party libs could build on that > > ability to write more elaborate packages. > > > > The main doubt I have about my proposal is whether HS256 JWTs are too > > limited for most usages or in the contrary if they are appropriate for a > > fair amount of use cases. > > > > Claude > > > > Le 15.04.20 à 21:13, Abhijeet Viswa a écrit : > >> Hi, > >> > >> You might want check out django-restframework-simplejwt. It requires the > >> Django Rest Framework. But, then again, if you are making an API, you'd > >> already be using it. > >> > >> Regards, > >> Abhijeet > >> > >> On Thu, 16 Apr, 2020, 00:39 Claude Paroz, <cla...@2xlibre.net > >> <mailto:cla...@2xlibre.net>> wrote: > >> > >> Hi all, > >> > >> With the recent addition of the algorithm parameter to the > >> signing.Signer class, it's now rather straightforward for Django to > >> generate HS256 (non-encrypted) JSON Web Tokens. > >> With a growing popularity of JS-client/Django server communications > >> (DRF and al.), I think there might be some interest for Django to be > >> able to generate and decode such tokens. For any other types of JWTs > >> which generally require access to a cryptography module, we can > >> point users to third-party libs like PyJWT (the docs should be clear > >> about that). > >> > >> I made a proof-of-concept PR (docs missing) here: > >> - https://github.com/django/django/pull/12728 > >> > >> What people here think about that proposal? > >> > >> Claude > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/87ddf575-0756-b99e-51d8-99de1b258c21%402xlibre.net > . > -- Adam -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM2x%3D%2BB0xM0YRauHxwDDm2ymxeGmYqYCVdOMJS94-F4Xdg%40mail.gmail.com.
