Hi. Note that JWT is not encryption but cryptography signing. So password would be in clear plaintext in JWT payload. Also storing password in session might not be a good thing depending where your sessions are stored since again, password would be plain text there as well.
If you really need to use plain text password storing a secondary "I don't care what happens with this password" would be better solution to access remote services. On Fri, Jan 18, 2019 at 2:33 AM Wandss <[email protected]> wrote: > Hi everyone, > > I'd like to know if anyone could point me to a solution to a problem that > seems to be easy. > > I've built an API and I'm authenticating users with djangorest_jwt. > After user has been authenticated, I'll have to "programmatcially" consume > another API which I connect with requests using BasicAuthentication, > meaning I'll have to pass to this other API the users's plain text password. > > Using only Django I could store user's password into a session variable > and retrieve it later on any other view. > > How could I solve this situation without sessions? > Has anyone ever experienced this situation? > > Regards you all and > Happy coding !!! > > -- > You received this message because you are subscribed to the Google Groups > "Django REST framework" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Jani Tiainen - Well planned is half done, and a half done has been sufficient before... -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
