JWT Authentication with RSA with Django

Diana Darie
6 min read · Oct 30, 2018

This is one of my last articles on Medium. If you’d like to keep in touch you can find me at https://blog.theengineeringcompass.com/

Topics covered:

  • JWT Structure and how it works
  • JWT User Authentication using HS256
  • JWT User Authentication using RSA
  • JWT User Refresh Token

Before starting…where do we want to get?

The scenario we will try to implement consists of building a django-rest-framework API that will authenticate the user using a custom username and password and return a token containing the user’s data.

In the second part of this article, we will look at the token refresh workflow.

What is JWT?

JWT (JSON Web Token) is an open, JSON-based standard for creating access tokens that represent a set of claims (e.g. authenticated as an admin) as a JSON object encoded in a JSON Web Signature or JSON Web Encryption structure. The information can be verified and trusted because it is digitally signed using a secret (with the HMAC algorithm) or a public/private key pair (RSA or ECDSA).

The JWT format is based on three parts:

  • header: contains the algorithm used to generate the…
