
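I am implementing a custom JSONWebTokenSerializer. So far it works fine, but I need to enable token refresh, and when I do so and try to refresh a token, I get the validation error "orig_iat field is required". When inspecting the payload returned from jwt_payload_handler, there is no orig_iat field attribute.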

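from django.contrib.auth import authenticate
from django.utils.translation import gettext_lazy as _
from rest_framework import serializers
from rest_framework_jwt.serializers import JSONWebTokenSerializer
from rest_framework_jwt.settings import api_settings

# Handlers are resolved from the JWT_AUTH settings.
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER


class CustomJWTSerializer(JSONWebTokenSerializer):

    @property
    def username_field(self):
        # Single login field accepting a username, email or phone number.
        return "username_or_email_or_phone"

    def validate(self, attrs):
        username = attrs.get('username_or_email_or_phone', None)
        credentials = {
            'username': username,
            'password': attrs.get('password')
        }

        if all(credentials.values()):
            user = authenticate(**credentials)

            if user:
                if not user.is_active:
                    raise serializers.ValidationError(
                        'This user has been deactivated.'
                    )

                # Build the token claims for the authenticated user.
                payload = jwt_payload_handler(user)

                return {
                    'token': jwt_encode_handler(payload),
                    'user': user
                }

            else:
                raise serializers.ValidationError(
                    'A user with this credentials was not found.'
                )

        else:
            msg = _('Please provide an (username or email or phone number) and password.')
            raise serializers.ValidationError(msg)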

Here are my JWT_AUTH settings:

import datetime

JWT_AUTH = {
    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
    'JWT_RESPONSE_PAYLOAD_HANDLER': 'common.utilities.auth.jwt_response_payload_handler',
    'JWT_AUTH_HEADER_PREFIX': 'Bearer',
    'JWT_PAYLOAD_HANDLER': 'rest_framework_jwt.utils.jwt_payload_handler',
    'JWT_ALLOW_REFRESH': False,
}
1 Answer

If JWT_ALLOW_REFRESH is True, non-expired tokens can be "refreshed" to obtain a brand new token with renewed expiration time. [JWTDoc]

Sorry, found my bug. Changed 'JWT_ALLOW_REFRESH': False to 'JWT_ALLOW_REFRESH': True, and now it works.

Answered 2018-12-11T06:23:39.430
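
A simplified, stdlib-only model of the behaviour the answer above describes, added here as an example; it is not code from the post or from rest_framework_jwt. The names build_payload and refresh_payload are hypothetical, the sample values are constructed, and JWT_REFRESH_EXPIRATION_DELTA is a library setting that does not appear on the page; the model assumes orig_iat is only written when JWT_ALLOW_REFRESH is True and is carried unchanged through every refresh, which is what bounds how long a chain of refreshed tokens can live.

```python
# Simplified model of the refresh rule; not rest_framework_jwt's own code.
from calendar import timegm
from datetime import datetime, timedelta

# Constructed settings mirroring the JWT_AUTH keys discussed above.
SETTINGS = {
    "JWT_ALLOW_REFRESH": True,
    "JWT_EXPIRATION_DELTA": timedelta(days=1),
    "JWT_REFRESH_EXPIRATION_DELTA": timedelta(days=7),
}


def ts(moment):
    """UTC datetime -> integer Unix timestamp, as used in JWT claims."""
    return timegm(moment.utctimetuple())


def build_payload(username, now, settings):
    """Model of the payload handler: orig_iat exists only when refresh is on."""
    payload = {"username": username,
               "exp": ts(now + settings["JWT_EXPIRATION_DELTA"])}
    if settings["JWT_ALLOW_REFRESH"]:
        payload["orig_iat"] = ts(now)  # time of the original login
    return payload


def refresh_payload(payload, now, settings):
    """Model of the refresh check: return a new payload or raise ValueError."""
    if payload["exp"] < ts(now):
        raise ValueError("Signature has expired.")
    orig_iat = payload.get("orig_iat")
    if orig_iat is None:
        # Token was issued while JWT_ALLOW_REFRESH was False.
        raise ValueError("orig_iat field is required.")
    limit = int(settings["JWT_REFRESH_EXPIRATION_DELTA"].total_seconds())
    if ts(now) > orig_iat + limit:
        # The chain is anchored to the first login, not the latest refresh.
        raise ValueError("Refresh has expired.")
    new_payload = build_payload(payload["username"], now, settings)
    new_payload["orig_iat"] = orig_iat  # carried forward unchanged
    return new_payload
```

Tokens issued while JWT_ALLOW_REFRESH was False still fail with "orig_iat field is required" after the setting is switched on, so affected users need to log in again to get a refreshable token.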