Reputation: 428
I'm hoping that someone could please clear up a confusion I have with JWT and regular token authentication in django_rest_auth and django_rest_framework.
I'm using django_rest_auth with JWT (REST_USE_JWT = True). I am using the rest_auth.registration views and the rest_auth views and have set my default authentication class to 'rest_framework_jwt.authentication.JSONWebTokenAuthentication'.
I have included the urls from rest_auth and set up the following url: url(r'^api-token-auth/', obtain_jwt_token), from rest_framework_jwt docs.
When I register a new user, I expect the following code from the rest_auth RegisterView to be run:
    if getattr(settings, 'REST_USE_JWT', False):
        self.token = jwt_encode(self.user)
But in the Django Admin, I see that there is the Auth Token table, 'Tokens', with a token that looks like a normal token if I had used Django's built in Token Authentication. Indeed, when I go to /rest-auth/login endpoint, it returns this same token, e.g. {"key":"6b705cbab083833c38414d4c6e4970c0abbb0c9f"}. However, when I go to the api-token-auth/ endpoint for this user, I get the JWT token: {"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InJvYmVydEByb2JlcnRjaHUuY28udWsiLCJleHAiOjE0NjY2ODI5MjcsInVzZXJfaWQiOjIsInVzZXJuYW1lIjoicm9iZXJ0QHJvYmVydGNodS5jby51ayJ9.IvJIQBY95TrQp3V483GVdpV0fQKedMk9hWEFytMRidU"}
Are these keys and token interchangeable? Could I use both tokens for the same user? Surely, I should only have one token option to access protected endpoints?
Thanks.
Upvotes: 1
Views: 2360
Reputation: 2746
See here and here. The JWT is not supposed to be stored anywhere which is one of the benefits over the drf tokens - you don't hit the db on every request. Also if you want to only use the JWT for authentication you should get rid of the endpoint for token authentication (the one that comes with drf).
Upvotes: 1
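The contrast the answer draws between the two token types, as an added example that is not part of the original posts or of either library: a standard-library stand-in in which the opaque key is only valid as a stored row while the JWT is checked by signature and expiry alone. SECRET, TOKEN_TABLE, the function names and the sample user are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-secret"  # assumption: stands in for the signing key
TOKEN_TABLE = {}                     # assumption: stands in for the 'Tokens' table

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_opaque_key(user_id):
    """Token-auth style: random key, meaningful only as a database row."""
    key = secrets.token_hex(20)      # 40 hex characters
    TOKEN_TABLE[key] = user_id
    return key

def verify_opaque_key(key):
    """Stateful: one lookup per request; deleting the row revokes the key."""
    return TOKEN_TABLE.get(key)

def issue_jwt(user_id, username, exp):
    """JWT style: claims travel inside the token, protected by an HMAC."""
    head = _b64(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = _b64(json.dumps({"user_id": user_id, "username": username, "exp": exp}).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"

def verify_jwt(token, now):
    """Stateless: checks algorithm, signature and expiry; no lookup anywhere."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(_sign(head + "." + body), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, AttributeError):
        return None
    return claims if claims.get("exp", 0) > now else None

if __name__ == "__main__":
    key = issue_opaque_key(2)        # constructed sample user id
    jwt = issue_jwt(2, "demo-user", exp=2000)
    print(verify_opaque_key(jwt), verify_jwt(key, now=1000))  # neither verifier accepts the other format
    TOKEN_TABLE.clear()                                        # server-side revocation
    print(verify_opaque_key(key), verify_jwt(jwt, now=1000))  # key is dead, JWT valid until exp
```

Because nothing about the JWT is stored, clearing the table does not affect it; it stays valid until its exp claim passes, so short lifetimes matter when JWT is the only scheme left enabled.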