From eafa2bbe75c642083e0084f0caae14ce019506c4 Mon Sep 17 00:00:00 2001 From: David Gillespie Date: Wed, 8 May 2024 19:31:57 -0600 Subject: [PATCH] update dj-rest-auth; Add token expirations to login response; Set refresh expiration at 30 days, and access token at 1 day; --- core/settings/__init__.py | 14 ++++++++++++++ requirements.txt | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/core/settings/__init__.py b/core/settings/__init__.py index 476cfc4..a080dd0 100644 --- a/core/settings/__init__.py +++ b/core/settings/__init__.py @@ -12,6 +12,7 @@ https://docs.djangoproject.com/en/2.2/ref/settings/ import os import smtplib +from datetime import timedelta try: from .local import * @@ -122,6 +123,19 @@ REST_FRAMEWORK = { REST_USE_JWT = True + +SIMPLE_JWT = { + 'ACCESS_TOKEN_LIFETIME': timedelta(days=1), + 'REFRESH_TOKEN_LIFETIME': timedelta(days=30), +} + + +REST_AUTH = { + "USE_JWT": True, + 'JWT_AUTH_RETURN_EXPIRATION': True, + 'JWT_AUTH_HTTPONLY': False, +} + AUTH_USER_MODEL = 'user.User' # Password validation diff --git a/requirements.txt b/requirements.txt index a7fea57..7f70fa2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,7 +5,7 @@ chardet==4.0.0 cryptography==3.4.7 defusedxml==0.7.1 dj-database-url==0.5.0 -dj-rest-auth==2.1.5 +dj-rest-auth==3.0.0 django-rest-swagger==2.2.0 Django==3.2.3 django-allauth==0.44.0