JWT Authentication with RSA with Django
This is one of my last articles on Medium. If you’d like to keep in touch you can find me at https://blog.theengineeringcompass.com/
Topics covered:
- JWT Structure and how it works
- JWT User Authentication using HS256
- JWT User Authentication using RSA
- JWT User Refresh Token
Before starting… where do we want to get to?
The scenario we will try to implement consists of building a django-rest-framework API that will authenticate the user using a custom username and password and return a token containing the user’s data.
In the second part of this article, we will look at the token refresh workflow.
What is JWT?
JWT (JSON Web Token) is an open standard for creating access tokens that represent a set of claims (e.g. authenticated as an admin) as a JSON object, which is encoded in a JSON Web Signature or JSON Web Encryption structure. The information can be verified and trusted because it is digitally signed using a secret (with the HMAC algorithm) or a public/private key pair (RSA or ECDSA).
The JWT format is based on three parts:
- header: contains the algorithm used to generate the…