Django REST Framework With Simple JWT (JSON Web Token): Steps on How to Sign and Verify Using the RSA Algorithm - DEV Community

This document provides a step-by-step guide for implementing JWT authentication in Django using the RSA algorithm. It covers generating private and public keys, configuring Django settings to use these keys, and ensuring the necessary libraries are installed. The guide also includes instructions for formatting key values for use in environment variables.


Jen C.

Posted on Mar 22

Django REST Framework with Simple JWT (JSON Web Token): Steps on how to sign and verify using the RSA algorithm
#webdev #jwt #django #tutorial

Prerequisites
Before getting started, ensure you have completed the setup for Simple JWT.

Background
In order to use the RSA algorithm, we need to have a private key and a public key.
The private key is used during the signing process of generating the token. The
public key is used to verify that the token is valid.

Step-by-Step Guide
1. Generate Private and Public Keys
openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048

and

openssl rsa -pubout -in private.key -out public.key

2. Configure Django to Use the Keys


For local development, add environment variables SIGNING_KEY and VERIFYING_KEY in
the .env file.

However, the key values contain newline characters, which are invalid in .env files. To
fix this, convert the keys into a valid format before setting the values.

Example of the original key format:

-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDtdRdOlG4bNyp7
...
-----END PRIVATE KEY-----

For example, in VSCode, enable Regex in the search box, find every \n in the key value, and
replace it with \\n.

After formatting:

Set the formatted keys in your .env file:

• SIGNING_KEY : Formatted private key
• VERIFYING_KEY : Formatted public key

3. Update Django Settings


In your settings.py file, read the keys from the environment variables and replace the
text \\n with the actual newline character \n :

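# The .env value stores each line break as the two characters \n;
# turn them back into real newlines so the value is a valid PEM again.
SIGNING_KEY = env('SIGNING_KEY').replace("\\n", "\n")
VERIFYING_KEY = env('VERIFYING_KEY').replace("\\n", "\n")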

4. Configure SIMPLE_JWT
Make sure to provide ALGORITHM , SIGNING_KEY and VERIFYING_KEY in SIMPLE_JWT in
settings.py:

SIMPLE_JWT = {
    ...
    "ALGORITHM": "RS256",
    "SIGNING_KEY": SIGNING_KEY,
    "VERIFYING_KEY": VERIFYING_KEY
}

5. Install Cryptography Library

Make sure the cryptography library is installed (see "Cryptographic Dependencies (Optional)" in the Simple JWT documentation):

pip install "djangorestframework-simplejwt[crypto]"

Or, if you use Poetry:

poetry add "djangorestframework-simplejwt[crypto]"
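
The key conversion in steps 2 and 3 can be scripted instead of done by hand in an editor. The following is an added example, not code from the original post: the function names and the sample PEM are constructed for illustration, and it goes slightly beyond the post by stripping Windows CRLF line endings and rejecting a value that does not restore to a well-formed PEM block.

```python
import base64
import re

# One PEM block: matching BEGIN/END labels around a base64 body.
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.+?)\n-----END \1-----\n", re.DOTALL)


def pem_to_env_value(pem: str) -> str:
    """Step 2: collapse a PEM file into one line joined by a literal backslash-n."""
    # splitlines() also consumes "\r\n", so no stray "\r" ends up in the .env value.
    lines = [ln.strip() for ln in pem.splitlines() if ln.strip()]
    return "\\n".join(lines)


def env_value_to_pem(value: str) -> str:
    """Step 3: same replace as settings.py, plus a structural check so a
    truncated or mangled key fails at startup instead of at first token."""
    pem = value.replace("\\n", "\n").strip() + "\n"
    match = PEM_RE.fullmatch(pem)
    if match is None:
        raise ValueError("value does not restore to a single PEM block")
    # validate=True rejects characters outside the base64 alphabet.
    base64.b64decode("".join(match.group(2).split()), validate=True)
    return pem


# Constructed sample: placeholder bytes in PEM framing with CRLF endings (not a real key).
_body = base64.encodebytes(b"constructed placeholder bytes, not a real key" * 3).decode()
SAMPLE_PEM = ("-----BEGIN PRIVATE KEY-----\n" + _body
              + "-----END PRIVATE KEY-----\n").replace("\n", "\r\n")

if __name__ == "__main__":
    line = pem_to_env_value(SAMPLE_PEM)
    print(f"SIGNING_KEY={line}")  # one-line form for the .env file
    assert env_value_to_pem(line) == SAMPLE_PEM.replace("\r\n", "\n")
```

The check is structural only: it confirms PEM framing and a base64 body, not that the bytes are a usable RSA key.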
