How to authenticate a user in websocket connection in django channels when using token authentication
Robin Lery
I am using a frontend framework (Vuejs) and django-rest-framework for the REST API in my project. Also, for JSON web token authentication I am using django-rest-framework-jwt. After a successful login, the user is provided with a token. This token is passed into every request to fetch any API related stuff.
Now I would like to integrate django channels into my project. So, after successful login, when the token is received in the client side, I would like to initiate a websocket connection. Then on the server (consumer), I would like to check if the requested user is not anonymous. If the requested user is anonymous, I would like to close the connenction or else accept it.
This is how I have till now:
client side:
const socket = new WebSocket("ws://" + "dev.site.com"+ "/chat/");routing.py:
channel_routing = [
route("websocket.connect", ws_connect),
...
...
]consumers:
def ws_connect(message):
# if the user is no anonymous
message.reply_channel.send({
"accept": True
})
# else
message.reply_channel.send({
"close": True
})In the documentation there's a decorator @channel_session_user_from_http which will provide a message.user.
But I am using a token instead of a session. How can I check a user on
connection when using token authentication, so that I can accept or
close connection. Or, if there is a better way could you please advise
me with it. Thank you.
Andrew Godwin
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2B4-nGp5KhvYKdhD%3Dufus-jmHz%2BN%2BLPzOuX1R3V%2BPOYt8U4QXA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Robin Lery
1. What to do with the token?
- You can pass the token as a query string and get that query params. Read more about how to get the query params here.
- Or if you are already passing it in the request's authorization header, you can get it from there (like my final code below). Remeber to first fake that request.
- Finally, VerifyJSONWebTokenSerializer class was all I needed to validate the token, and get that token's user object. You can read the actual code of django-rest-framework-jwt here.
So, I ended up doing this way:
message.content.setdefault('method', 'FAKE')
django_request = AsgiRequest(message)
token = django_request.GET['token'].split(' ')[1]
try:
data = {'token': token}
valid_data = VerifyJSONWebTokenSerializer().validate(data)
user = valid_data['user']
...
...
message.reply_channel.send({
"accept": True
})
except (KeyError, InvalidTokenError, ValidationError,):
...
...
message.reply_channel.send({
"text": "Authentication error",
"close": True
})
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFwN1upzHZq%3Dk-scq92PvsatQE4LsQCqjE4DZ%2B-VOFSzPC9o4w%40mail.gmail.com.
Dominik Szmaj
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
Dominik Szmaj
You received this message because you are subscribed to a topic in the Google Groups "Django users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-users/io01DlrEszg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2f013dc0-597b-43ad-acd1-b9643d6d167d%40googlegroups.com.