Milad
Reputation: 473
Django simplejwt JWTAuthentication Permission
I'm using rest_framework_simplejwt.authentication.JWTAuthentication in Django to create tokens for our users. But some users have limited user permissions[in the admin panel]. For example they only allow to get articles and nothing else. But the token that simplejwt creates allow user to get all other data as well.
Is there a way to adjust it? I think simplejwt overwrites the Django permissions.
Upvotes: 0
Views: 1359
Answers (1)
Arvind Kumar
Reputation: 973
The token is used just for Authentication purposes, not for Authorisation purposes. You need to use permissions for assigning permissions to different users. Read about django permissions here. If you need to customize permissions, you can extend DjangoModelPermissions class.
Upvotes: 2
Related Questions
- Implement djangorestframework-simplejwt token authentication without password
- Django Rest Framework Simple JWT getting anonymous user
- JWT authentication returns AnonymousUser in Django Rest Framework with SimpleJWT
- How to implement jwt authentication using django rest auth?
- Django Rest Framework Custom JWT authentication
- JWT authentication in django rest framework
- Django-rest-framework - JWT authentication
- Django Rest Framework JWT "Authentication credentials were not provided."}
- Authentication using JWT in Django
- django JWT asking for username/password