Adds blacklist token feature as separate subapp

[hoIIer]

Builds off work submitted by @avimeir and the discussion at #89

[hoIIer]

Tested this in a local project by logging into my app with a distant expiring JWT_EXPIRATION_DATE, issuing a POST to /api/v1/auth-token-blacklist/ with the token, and then attempting to access the api (navigated to another page with api call). A 401 Unauthorized is issued and I am logged out of my ember app as expected... Let me know if anyone has input.. seems like nice feature

[hoIIer]

Should this package include an admin.py for the default black list token implementation? Should the JWTBlackListToken model include any other fields like the actual token value?

[avimeir]

@erichonkanen nice work!

I'd add the exp claim to the model, so that we can later clean-up the DB by removing all expired tokens.

[hoIIer]

@avimeir thanks! should the exp be a DateTimeField or CharField? I know the format it comes in as is seconds since epoch

[hoIIer]

def jwt_blacklist_set_handler(payload):
    """
    Default implementation that blacklists a jwt token.
    """
    jti = payload.get('jti')
    exp = datetime.fromtimestamp(payload.get('exp'))

    return models.JWTBlackListToken.objects.create(jti=jti, expires_at=exp)

Made it DateTimeField and just converted

[hoIIer]

@jpadilla ran git rebase, fixed conflicts but Im noticing this effectively made a 2nd copy of every commit now at the front.. is this expected or did I do it wrong? Ive mostly just used rebase to squash commits in the past...

[jpadilla]

@erichonkanen oh snap, could you perhaps squash all of this into one commit then?

[hoIIer]

Cleaned commit history and submitted in new PR

[uber1geek]

How can i implement this feature @erichonkanen ?