Can some one simplify jwt authentication and authorisation in Django Ninja?

Question

I have recently started using Django ninja for REST API. I found it extremely easy but for the authentication flow. I just can't understand what exactly I can do for the following. Create a registration API which registers a user with email address, password and full name (later I may add other stuff ). Send username and password to a view with the url api/login and then get a jwt token. Note that just one jwt token is sufficient for now, so pair is not necessary. Now protect a few important views and only allow access if the token is valid. I understand that @router.get, post etc will have one injection of this middleware. But I can't get a simple tutorial or article that tells me exactly what I need to do. Every one has some different approach, some using framework_simplejwt and some doing it with ninja-extra. I just need a plain simple flow. So any help would be appreciated. I understand that I need to extent the django user class and also I understand router and api objects. All I need is that I create token using the secret key and issue it on login and then check it on every subsequent request.

Answer 1

In your description, I write some example codes with ninja_jwt, authorization with email and password.

from django.contrib.auth import get_user_model
from ninja_jwt.tokens import Token

@user_router.post('/login', auth=None)
def login(request, payload: SignInSchema): 
    user_model = get_user_model()
    try:
        user = user_model.objects.get(email=payload.email)
    except user_model.DoesNotExist:
        # User is not existed
        return 
    if user.check_password(payload.password):
        # User Password incorrectly 
        return
    token = Token.for_user(user)
    return token

Answer 2

You can check django-ninja-jwt. It`s pretty straightforward and you can customize it to your preferences in your django project settings.py(check django-ninja-jwt/settings)