From 27bca05b31d4103fb9f628d0df884b0ee8b60015 Mon Sep 17 00:00:00 2001 From: Oscar Chen Date: Wed, 10 Jan 2024 17:37:15 -0700 Subject: [PATCH] Update readme --- readme.md | 42 +++++++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 11 deletions(-) diff --git a/readme.md b/readme.md index cfaf993..049d502 100644 --- a/readme.md +++ b/readme.md @@ -18,7 +18,7 @@ INSTALLED_APPS = [ ] ``` -Expose `Django-ninja`'s API and add `ninja_simple_jwt`;s auth API endpoint router to the API, ie: +Expose `Django-ninja`'s API and add `ninja_simple_jwt`'s auth API endpoint router to the API, ie: ```python # urls.py @@ -38,7 +38,13 @@ This would provide 4 available auth API endpoints for mobile and web sign in and - {{server_url}}/api/auth/web/sign-in - {{server_url}}/api/auth/web/token-refresh -To provide a resource API, you can use the `HttpJwtAuth` as the auth argument when instantiating a Router, ie: +_If you are not exposing the API and routers at the exact path as the example above, +see [`WEB_REFRESH_COOKIE_PATH`](#WEB_REFRESH_COOKIE_PATH) setting regarding web auth token refresh path._ + +_See more regarding the web auth endpoint design in [documentation below](#why-are-the-web-endpoints-designed-to-handle-access-and-refresh-tokens-like-this)._ + + +To protect a resource API, you can use the `HttpJwtAuth` as the auth argument when instantiating a Router, ie: ```python # views.py @@ -63,7 +69,7 @@ You should see two files created in the root of project repository: ## Documentation -### JWT signing key storage +### Customizing JWT key storage By default, the management command `make_rsa` will create and store the JWT key pairs in the root of your project directory, this is only intended for development. @@ -72,18 +78,23 @@ you are using `django-storages` to access AWS S3. ```python # some_project_dir/my_jwt_key_storage.py + from storages.backends.s3boto3 import S3Boto3Storage + aws_s3_key_storage = S3Boto3Storage(bucket_name="MySecretJwtKeysStorage") ``` and provide the above storage instance in Django settings: ```python # settings.py -JWT_KEY_STORAGE = "some_project_dir.my_jwt_key_storage.aws_s3_key_storage" +NINJA_SIMPLE_JWT = { + "JWT_KEY_STORAGE": "some_project_dir.my_jwt_key_storage.aws_s3_key_storage", + ... +} ``` You can provide any custom storage implementation in this setting provided that they follow Django's Storage API. -### Auth endpoints +### Enabling auth API endpoints #### Mobile You can enable the mobile auth end points by adding a provided router to the ninja API class: @@ -204,17 +215,26 @@ used for refreshing the tokens, therefore reducing attack surfaces further. ## Settings +All settings specific for this library is stored as key-value pairs under Django setting `NINJA_SIMPLE_JWT`, ie: + +```python +# settings.py +NINJA_SIMPLE_JWT = { + ... +} +``` + ### JWT_KEY_STORAGE -Storage class instance used to store JWT key pairs. Defaults to "ninja_simple_jwt.jwt.key_store.local_disk_key_storage". +Storage class instance used to store JWT key pairs. Defaults to `"ninja_simple_jwt.jwt.key_store.local_disk_key_storage"`. ### JWT_PRIVATE_KEY_PATH -Path to the private key, defaults to "jwt-signing.pem". +Path to the private key, defaults to `"jwt-signing.pem"`. ### JWT_PUBLIC_KEY_PATH -Path to the public key, defaults to "jwt-signing.pub". +Path to the public key, defaults to `"jwt-signing.pub"`. ### JWT_REFRESH_COOKIE_NAME -Name of the refresh cookie (used only by web auth endpoints), defaults to "refresh". +Name of the refresh cookie (used only by web auth endpoints), defaults to `"refresh"`. ### JWT_REFRESH_TOKEN_LIFETIME @@ -230,8 +250,8 @@ Whether to use secure cookie for refresh token, defaults to `not settings.DEBUG` Whether to use httponly cookie for refresh token, defaults to `True`. ### WEB_REFRESH_COOKIE_SAME_SITE_POLICY -Same-site policy to be used for refresh token cookie, defaults to "Strict". +Same-site policy to be used for refresh token cookie, defaults to `"Strict"`. ### WEB_REFRESH_COOKIE_PATH This is the path set on the cookie for refresh token, this path needs to match the url endpoint you are exposing for -web token refresh. Defaults to "/api/auth/web/token-refresh". +web token refresh. Defaults to `"/api/auth/web/token-refresh"`.