Added authentication endpoints #72
Conversation
…g Python, so its impossible to build C extensions afterwards, wcwidth==0.2.6 and cwcwidth==0.1.8 in this case
|
@maunga-et thank you for the work on this, I'll test out the changes today. Before, I review, could you please resolve the failing flake8 checks? I recommend running a tool like flake8 or black automatically to format and lint your code when you save files and before creating PR, that way the code we write will be consistent and inline with PEP 8 standard. |
I will do that thanks. |
backend/authentication/views.py
Outdated
| httponly=settings.SIMPLE_JWT["AUTH_COOKIE_HTTP_ONLY"], | ||
| samesite=settings.SIMPLE_JWT["AUTH_COOKIE_SAMESITE"], | ||
| max_age=823396, | ||
| # domain='example.com' |
There was a problem hiding this comment.
Let's remove these unnecessary comments. We can add these back in later if we need them
There was a problem hiding this comment.
Another point, I just thought of @maunga-et . Let's make the access token valid for 10 mins and then, once we have a refresh token, we can set it to be valid for 2 weeks.
This will allow users to keep logged in without having to reauthenticate as long as they are still using the site.
There was a problem hiding this comment.
Okay I am on it thanks.
backend/authentication/views.py
Outdated
| response.set_cookie( | ||
| key=settings.SIMPLE_JWT["AUTH_COOKIE"], | ||
| max_age=0, | ||
| # domain='example.com', |
There was a problem hiding this comment.
@maunga-et Same as above, we can remove this comment.
| @@ -25,4 +25,5 @@ | |||
| path("api/posts/<int:pk>/", views.PostDetail.as_view(), name="post-detail"), | |||
| path("api/posts/delete/<int:pk>/", views.PostDelete.as_view(), name="post-delete"), | |||
| path("api/signup", views.SignUpView.as_view(), name="signup-view"), | |||
| path("api/v2/auth/", include("authentication.urls")), | |||
There was a problem hiding this comment.
@maunga-et let's not change the api version yet. I recommend we name the JWT endpoints something like api/token/. Then we can have endpoints like:
api/token/for generating a token keypair or loginapi/token/refresh/to generate new refresh tokens andapi/token/logoutto invalidate & blacklist tokens and then log the user out.
There was a problem hiding this comment.
@maunga-et, great work on this!
My ask is that you make the requested changes to lint the files, change the urlpattern and remove the unnecessary comments. Once we have that in place, this PR will be good to merge.
We can improve on the auth stuff by adding token refresh, logout and views to blacklist invalid tokens. @TaqsBlaze has started that work in #74
|
Hey @maunga-et, did you close this PR in error? |
No description provided.