This project implements a secure authentication API using JSON Web Tokens (JWT) with Django Rest Framework. It allows users to authenticate, generate access tokens, refresh tokens, and manage their sessions.
- User registration and login endpoints.
- JWT-based authentication for secure communication.
- Token expiration and refresh mechanism.
- CORS (Cross-Origin Resource Sharing) handling using django-cors-headers.
- Access control through accepted origins.
- Clone the repository:
git clone https://github.com/yourusername/your-authentication-api.git
cd your-authentication-api
- Create and activate a virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
- Install project dependencies
pip install -r requirements.txt
- Setup the database
python manage.py migrate
- Start the development server
python manage.py runserver
- Login:
POST accounts/token/
- Request
{ "username": "your_username", "password": "your_password" }
- Response
{ "access": "your_access_token", "refresh": "your_refresh_token" }
- Verify:
POST accounts/token/verify/
- Request
{ "token": "your_token" }
- Response
{ } if valid
- Refresh:
POST accounts/token/refresh/
- Request
{ "refresh": "your_refresh_token" }
- Response
{ "access": "your_new_access_token" }
- Access Token: Expires in 10 seconds. Use the refresh token to get a new access token.
- Refresh Token: Expires in 30 seconds. After expiration, users need to log in again.
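
A client-side view of this token lifecycle, added here as an example and not part of the project's own code: it reuses the access token until shortly before it expires, calls the refresh endpoint while the refresh token is still valid, and otherwise requires a new login. `TokenSession`, `LoginRequired`, `jwt_exp`, the `skew` margin and the `post(path, body)` transport hook are hypothetical names, and the code assumes the tokens carry the standard JWT `exp` claim.

```python
import base64
import json
import time


class LoginRequired(Exception):
    """Raised when the refresh token is expired or rejected."""


def jwt_exp(token):
    """Read `exp` from a JWT payload WITHOUT verifying the signature.
    Used for client-side scheduling only; the server still verifies."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]


class TokenSession:
    # `post(path, body) -> (status, dict)` is a hypothetical transport hook
    # (assumption), e.g. a thin wrapper around an HTTP client.
    def __init__(self, post, skew=2, clock=time.time):
        self.post, self.skew, self.clock = post, skew, clock
        self.access = self.refresh = None

    def _fresh(self, token):
        # Treat a token as expired `skew` seconds early to absorb latency.
        return token is not None and jwt_exp(token) - self.skew > self.clock()

    def login(self, username, password):
        status, body = self.post("accounts/token/",
                                 {"username": username, "password": password})
        if status != 200:
            raise LoginRequired("credentials rejected")
        self.access, self.refresh = body["access"], body["refresh"]

    def access_token(self):
        if self._fresh(self.access):
            return self.access
        if self._fresh(self.refresh):
            status, body = self.post("accounts/token/refresh/",
                                     {"refresh": self.refresh})
            if status == 200:
                self.access = body["access"]
                return self.access
        # Refresh token expired or refused: drop state, force a new login.
        self.access = self.refresh = None
        raise LoginRequired("refresh token expired; log in again")
```

The client never stores the password; once the 30-second refresh window has passed, the caller has to collect credentials again and call `login`.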
Cross-Origin Resource Sharing (CORS) is configured using django-cors-headers. You can customize allowed origins and headers in the project settings:
CORS_ALLOW_ALL_ORIGINS = False
CORS_ALLOWED_ORIGINS = [
    "http://localhost:8001",
    "https://your-frontend-domain.com",
]