Ok, thanks. So, I was confused about two things on authenticating a user.

1. What to do with the token?

   - You can pass the token in the query string and get it from the
   query params. Read more about how to get the query params here:
   <https://channels.readthedocs.io/en/stable/getting-started.html#persisting-data>.

   - Or if you are already passing it in the request's authorization
   header, you can get it from there (like my final code below). Remember to
   first fake that request.

2. How to validate that token and get the user?

   - Finally, the VerifyJSONWebTokenSerializer class was all I needed to
   validate the token and get that token's user object. You can read the
   actual code of django-rest-framework-jwt here:
   <https://github.com/GetBlimp/django-rest-framework-jwt/blob/master/rest_framework_jwt/serializers.py>.


So, I ended up doing it this way:

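from channels.handler import AsgiRequest
from jwt.exceptions import InvalidTokenError
from rest_framework.exceptions import ValidationError
from rest_framework_jwt.serializers import VerifyJSONWebTokenSerializer


def ws_connect(message):
    # A websocket.connect message has no HTTP method, so set a fake one
    # before wrapping it in a Django request
    message.content.setdefault('method', 'FAKE')
    django_request = AsgiRequest(message)
    try:
        # The query param carries "<prefix> <token>"; keep only the token.
        # Done inside the try so a missing or malformed param is rejected too.
        token = django_request.GET['token'].split(' ')[1]
        data = {'token': token}
        # Validates the token and returns its user object
        valid_data = VerifyJSONWebTokenSerializer().validate(data)
        user = valid_data['user']
        ...
        ...
        message.reply_channel.send({
            "accept": True
        })
    except (KeyError, IndexError, InvalidTokenError, ValidationError):
        ...
        ...
        message.reply_channel.send({
            "text": "Authentication error",
            "close": True
        })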



On Fri, Sep 15, 2017 at 10:37 PM, Andrew Godwin <and...@aeracode.org> wrote:

> You'll have to write your own authentication code that runs in `connect`
> and puts a user into the channel session - there's nothing built in that
> will really help you past that I'm afraid.
>
> Andrew
>
> On Thu, Sep 14, 2017 at 6:35 PM, Robin Lery <robinl...@gmail.com> wrote:
>
>> I am using a frontend framework (Vuejs <http://Vuejs.org>) and
>> django-rest-framework <http://www.django-rest-framework.org/> for the
>> REST API in my project. Also, for JSON web token authentication I am using
>> django-rest-framework-jwt
>> <http://getblimp.github.io/django-rest-framework-jwt/>. After a
>> successful login, the user is provided with a token. This token is passed
>> into every request to fetch any API related stuff.
>>
>> Now I would like to integrate django channels
>> <https://channels.readthedocs.io/en/stable/index.html> into my project.
>> So, after successful login, when the token is received in the client side,
>> I would like to initiate a websocket connection. Then on the server
>> (consumer), I would like to check if the requested user is not anonymous.
>> If the requested user is anonymous, I would like to close the connection
>> or else accept it.
>>
>> This is what I have till now:
>>
>> client side:
>>
>> const socket = new WebSocket("ws://" + "dev.site.com"+ "/chat/");
>>
>> routing.py:
>>
>> channel_routing = [
>>     route("websocket.connect", ws_connect),
>>     ...
>>     ...]
>>
>> consumers:
>>
>> def ws_connect(message):
>>
>>     # if the user is not anonymous
>>     message.reply_channel.send({
>>         "accept": True
>>     })
>>
>>     # else
>>     message.reply_channel.send({
>>         "close": True
>>     })
>>
>> In the documentation
>> <https://channels.readthedocs.io/en/stable/getting-started.html#authentication>
>> there's a decorator @channel_session_user_from_http which will provide a
>> message.user. But I am using a token instead of a session. How can I
>> check a user on connection when using token authentication, so that I can
>> accept or close the connection? Or, if there is a better way, could you
>> please advise me on it? Thank you.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to django-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit
>> <https://groups.google.com/d/msgid/django-users/CA%2B4-nGp5KhvYKdhD%3Dufus-jmHz%2BN%2BLPzOuX1R3V%2BPOYt8U4QXA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
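
The accept-or-close decision discussed in this thread, written out with only the standard library so each rejection path is visible. This is an added example, not code from the thread or from django-rest-framework-jwt, and it stops at the token check (no database lookup of the user). Assumptions: HS256, a constructed demo secret, a "JWT " prefix in the `token` query param, `username` and `exp` claims, and all function names.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs

SECRET = b"constructed-demo-secret"  # assumption: stands in for the signing key

def b64d(part):
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(head, body, secret):
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims, secret=SECRET, alg="HS256"):
    """Build a constructed sample token so the example runs offline."""
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body, secret))}"

def authenticate_handshake(query_string, now=None, secret=SECRET):
    """Decide accept/close for a connect whose query string carries the token."""
    try:
        # Missing param -> KeyError; no prefix or not 3 segments -> ValueError
        scheme, token = parse_qs(query_string)["token"][0].split(" ", 1)
        head, body, sig = token.split(".")
        # Pin the algorithm server-side instead of trusting the token header
        if scheme != "JWT" or json.loads(b64d(head)).get("alg") != "HS256":
            raise ValueError("unexpected scheme or algorithm")
        if not hmac.compare_digest(sign(head, body, secret), b64d(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64d(body))  # read only after the signature checks out
        if claims["exp"] <= (time.time() if now is None else now):
            raise ValueError("token expired")
        return {"accept": True, "user": claims["username"]}
    except (KeyError, ValueError, TypeError, AttributeError) as exc:
        # Malformed, forged and expired tokens all end in a close, never a crash
        return {"close": True, "reason": str(exc)}
```

A token sent in the query string is part of the URL, so it can be recorded in server and proxy access logs; a short `exp` limits how long a logged token stays usable.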
