Re: Get user password from JWT
Hi Jani, thanks for answering and for all tips as well. I'm aware that any proposed (supposed) option (saving plain text password into session or or in JWT) is good. But how could you suggest connecting to this remote service API wich uses only Basic Authentication? Which options are there for solving this? Since the remote service will return an object, how about calling this service at login view, retrieve the object an then serialize it? (Don't know if this could ever work) Once again, thanks you all. Em sex, 18 de jan de 2019 às 10:19, Jani Tiainen escreveu: > Hi. > > Note that JWT is not encryption but cryptography signing. So password > would be in clear plaintext in JWT payload. Also storing password in > session might not be a good thing depending where your sessions are stored > since again, password would be plain text there as well. > > If you really need to use plain text password storing a secondary "I don't > care what happens with this password" would be better solution to access > remote services. > > > On Fri, Jan 18, 2019 at 2:33 AM Wandss wrote: > >> Hi everyone, >> >> I'd like to know if anyone could point me to a solution to a problem that >> seems to be easy. >> >> I've built an API and I'm authenticating users with djangorest_jwt. >> After user has been authenticated, I'll have to "programmatcially" >> consume another API which I connect with requests using >> BasicAuthentication, meaning I'll have to pass to this other API the >> users's plain text password. >> >> Using only Django I could store user's password into a session variable >> and retrieve it later on any other view. >> >> How could I solve this situation without sessions? >> Has anyone ever experienced this situation? >> >> Regards you all and >> Happy coding !!! >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django REST framework" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-rest-framework+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > Jani Tiainen > > - Well planned is half done, and a half done has been sufficient before... > > -- > You received this message because you are subscribed to the Google Groups > "Django REST framework" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-rest-framework+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Get user password from JWT
Hi. Note that JWT is not encryption but cryptography signing. So password would be in clear plaintext in JWT payload. Also storing password in session might not be a good thing depending where your sessions are stored since again, password would be plain text there as well. If you really need to use plain text password storing a secondary "I don't care what happens with this password" would be better solution to access remote services. On Fri, Jan 18, 2019 at 2:33 AM Wandss wrote: > Hi everyone, > > I'd like to know if anyone could point me to a solution to a problem that > seems to be easy. > > I've built an API and I'm authenticating users with djangorest_jwt. > After user has been authenticated, I'll have to "programmatcially" consume > another API which I connect with requests using BasicAuthentication, > meaning I'll have to pass to this other API the users's plain text password. > > Using only Django I could store user's password into a session variable > and retrieve it later on any other view. > > How could I solve this situation without sessions? > Has anyone ever experienced this situation? > > Regards you all and > Happy coding !!! > > -- > You received this message because you are subscribed to the Google Groups > "Django REST framework" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-rest-framework+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Jani Tiainen - Well planned is half done, and a half done has been sufficient before... -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Get user password from JWT
Hi everyone, I'd like to know if anyone could point me to a solution to a problem that seems to be easy. I've built an API and I'm authenticating users with djangorest_jwt. After user has been authenticated, I'll have to "programmatcially" consume another API which I connect with requests using BasicAuthentication, meaning I'll have to pass to this other API the users's plain text password. Using only Django I could store user's password into a session variable and retrieve it later on any other view. How could I solve this situation without sessions? Has anyone ever experienced this situation? Regards you all and Happy coding !!! -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
