Skip to content

Commit d3007fc

Browse files
stephanestephane
committed
Cleanup README.md
1 parent 1f49320 commit d3007fc

File tree

1 file changed

+24
-14
lines changed

1 file changed

+24
-14
lines changed

README.md

Lines changed: 24 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
[![pypi-version]][pypi]
55

66
## Overview
7+
78
This package provides [JSON Web Token
89
Authentication](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token)
910
support for Django by using [PyJWT](https://github.com/jpadilla/pyjwt).
@@ -24,7 +25,7 @@ New features from original code:
2425
Install using `pip`...
2526

2627
```shell
27-
$ pip install webstack-django-jwt-auth
28+
pip install webstack-django-jwt-auth
2829
```
2930

3031
## Usage
@@ -67,19 +68,18 @@ You can easily test if the endpoint is working by doing the following in your
6768
terminal, if you had a user created with the username **admin** and password
6869
**abc123**.
6970

70-
```bash
71-
$ curl -X POST -H "Content-Type: application/json" -d '{"username":"admin","password":"abc123"}' http://localhost:8000/token-auth/
71+
```shell
72+
curl -X POST -H "Content-Type: application/json" -d '{"username":"admin","password":"abc123"}' http://localhost:8000/token-auth/
7273
```
7374

74-
Now in order to access protected api urls you must include the `Authorization:
75-
Bearer <your_token>` header.
75+
Now in order to access protected api urls you must include the `Authorization: Bearer <your_token>` header.
7676

77-
```bash
78-
$ curl -H "Authorization: Bearer <your_token>" http://localhost:8000/protected-url/
77+
```shell
78+
curl -H "Authorization: Bearer <your_token>" http://localhost:8000/protected-url/
7979
```
8080

8181
There is also a provided middleware if you would prefer that to the view
82-
integration. Just add the following to your middleware:
82+
integration. Just add the following to your middleware:
8383

8484
```python
8585
MIDDLEWARE = (
@@ -89,6 +89,7 @@ MIDDLEWARE = (
8989
```
9090

9191
## Additional Settings
92+
9293
There are some additional settings that you can override similar to how you'd do
9394
it with Django REST framework itself. Here are all the available defaults.
9495

@@ -109,6 +110,7 @@ JWT_SECRET_KEY: SECRET_KEY
109110
JWT_VERIFY = True
110111
JWT_VERIFY_EXPIRATION = True
111112
```
113+
112114
This packages uses the JSON Web Token Python implementation,
113115
[PyJWT](https://github.com/progrium/pyjwt) and allows to modify some of it's
114116
available options.
@@ -117,14 +119,15 @@ available options.
117119

118120
Possible values:
119121

120-
> * HS256 - HMAC using SHA-256 hash algorithm (default)
121-
> * HS384 - HMAC using SHA-384 hash algorithm
122-
> * HS512 - HMAC using SHA-512 hash algorithm
123-
> * RS256 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-256 hash algorithm
124-
> * RS384 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-384 hash algorithm
125-
> * RS512 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-512 hash algorithm
122+
- HS256 - HMAC using SHA-256 hash algorithm (default)
123+
- HS384 - HMAC using SHA-384 hash algorithm
124+
- HS512 - HMAC using SHA-512 hash algorithm
125+
- RS256 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-256 hash algorithm
126+
- RS384 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-384 hash algorithm
127+
- RS512 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-512 hash algorithm
126128

127129
Note:
130+
128131
> For the RSASSA-PKCS1-v1_5 algorithms, the "secret" argument in jwt.encode is
129132
> supposed to be a private RSA key as imported with
130133
> Crypto.PublicKey.RSA.importKey. Likewise, the "secret" argument in jwt.decode
@@ -133,6 +136,7 @@ Note:
133136
Default is `"HS256"`.
134137

135138
### JWT_ALLOW_REFRESH
139+
136140
Enable token refresh functionality. Token issued from `jwt_auth.views.jwt_token`
137141
will have an `orig_iat` field.
138142

@@ -143,12 +147,14 @@ Default is `False`
143147
Typically, the base address of the resource being accessed, eg `https://example.com`.
144148

145149
### JWT_AUTH_HEADER_PREFIX
150+
146151
You can modify the Authorization header value prefix that is required to be sent
147152
together with the token.
148153

149154
Default is `Bearer`.
150155

151156
### JWT_EXPIRATION_DELTA
157+
152158
This is an instance of Python's `datetime.timedelta`. This will be added to
153159
`datetime.utcnow()` to set the expiration time.
154160

@@ -171,19 +177,23 @@ care to set only required URLs because the middleware will accept
171177
non-authenticated requests (no JWT) to these endpoints.
172178

173179
### JWT_PAYLOAD_GET_USER_ID_HANDLER
180+
174181
If you store `user_id` differently than the default payload handler does,
175182
implement this function to fetch `user_id` from the payload.
176183

177184
### JWT_PAYLOAD_HANDLER
185+
178186
Specify a custom function to generate the token payload
179187

180188
### JWT_REFRESH_EXPIRATION_DELTA
189+
181190
Limit on token refresh, is a `datetime.timedelta` instance. This is how much
182191
time after the original token that future tokens can be refreshed from.
183192

184193
Default is `datetime.timedelta(days=7)` (7 days).
185194

186195
### JWT_SECRET_KEY
196+
187197
This is the secret key used to encrypt the JWT. Make sure this is safe and not
188198
shared or public.
189199

0 commit comments

Comments
 (0)