JWT views
Reference for the pre-built obtain, refresh, and blacklist views shipped under restflow.authentication. See the JWT guide for usage.
TokenObtainView
Bases: AsyncAPIView
Returns a fresh access and refresh token pair for a valid username and password.
Adds an async surface that authenticates via django.contrib.auth.aauthenticate.
get_authenticate_header(request)
Returns the WWW-Authenticate header value used on 401 responses.
post (async)
Returns {access, refresh} tokens for the supplied credentials.
TokenRefreshView
Bases: AsyncAPIView
Returns a fresh access token for a valid refresh token.
Refreshing a blacklisted or expired refresh token raises 401.
get_authenticate_header(request)
Returns the WWW-Authenticate header value used on 401 responses.
post (async)
Returns a new {access} token derived from the supplied refresh token. Rotates the refresh token when ROTATE_REFRESH_TOKENS is enabled.
TokenBlacklistView
Bases: AsyncAPIView
Blacklists a refresh token so it cannot mint further access tokens.
The token's JTI is added to the configured blacklist for the remainder of its lifetime.
get_authenticate_header(request)
Returns the WWW-Authenticate header value used on 401 responses.
post (async)
Blacklists the supplied refresh token and returns 204.
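The refresh and blacklist behaviour described for TokenRefreshView and TokenBlacklistView, as an added standard-library sketch of the mechanism; it is not restflow's code. The names mint, verify_refresh, refresh, revoke and Blacklist, the HS256 signing, the token_type claim, the 300-second access lifetime and the key are all assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, uuid
SECRET = b"constructed-demo-key"  # constructed for this example, not a restflow setting

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input: str) -> bytes:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()).encode()

def mint(token_type: str, lifetime: int, now: int) -> str:
    # HS256 and the claim names are assumptions; every token gets a unique jti.
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"token_type": token_type, "jti": uuid.uuid4().hex, "exp": now + lifetime}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(f'{header}.{body}').decode()}"

class Blacklist:  # jti -> exp; an entry is dropped once the token would have expired
    def __init__(self):
        self.entries = {}
    def add(self, jti: str, exp: int) -> None:
        self.entries[jti] = exp
    def contains(self, jti: str, now: int) -> bool:
        self.entries = {j: e for j, e in self.entries.items() if e > now}
        return jti in self.entries

def verify_refresh(token: str, blacklist: Blacklist, now: int) -> dict:
    """Return the claims, or raise PermissionError where a view would answer 401."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _sign(f"{header}.{body}")):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError as exc:
        raise PermissionError("invalid token") from exc
    if claims.get("token_type") != "refresh":
        raise PermissionError("not a refresh token")
    if claims["exp"] <= now:
        raise PermissionError("expired")
    if blacklist.contains(claims["jti"], now):
        raise PermissionError("blacklisted")
    return claims

def refresh(token: str, blacklist: Blacklist, now: int) -> str:
    verify_refresh(token, blacklist, now)
    return mint("access", 300, now)

def revoke(token: str, blacklist: Blacklist, now: int) -> None:
    claims = verify_refresh(token, blacklist, now)
    blacklist.add(claims["jti"], claims["exp"])
```

Because the signature is checked before the claims are read and the algorithm is fixed server-side, a token cannot choose how it is verified. Keeping each blacklist entry only until the token's exp bounds the size of the store.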
TokenObtainSerializer
Bases: Serializer
Validates a username and password pair for a token obtain request.
TokenRefreshSerializer
Bases: Serializer
Validates a refresh token string.
TokenBlacklistSerializer
Bases: Serializer
Validates the refresh token to blacklist.