JWT Authentication in Django & FastAPI: A Secure Implementation Guide

Why Use JWT Authentication?

JSON Web Tokens (JWT) provide a secure and stateless way to handle authentication. Unlike session-based authentication, which looks up server-side session state on every request, JWT puts the user's claims into a signed token that the client presents and the server only has to verify, so no session store is needed. That makes it well suited to modern web and mobile applications.

Benefits of JWT:

  • Stateless authentication (no need for session storage)
  • Secure and scalable for APIs
  • Works seamlessly across different frameworks and platforms

Implementing JWT in Django with Django REST Framework (DRF)

If you're new to building APIs with Django, check out my Beginner’s Guide to Django APIs to set up the basics before implementing authentication.

Step 1: Install Required Packages

pip install djangorestframework-simplejwt

Step 2: Configure Django Settings

Modify settings.py to add JWT authentication:

INSTALLED_APPS = [
    ...
    'rest_framework',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
}

Step 3: Create Token Views

Modify urls.py to include token generation endpoints:

from django.urls import path
from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView

urlpatterns = [
    path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
    path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
]

Step 4: Protecting Routes

In views.py, use @permission_classes to secure API endpoints:

from rest_framework.permissions import IsAuthenticated
from rest_framework.decorators import api_view, permission_classes
from rest_framework.response import Response

@api_view(['GET'])
@permission_classes([IsAuthenticated])
def secure_endpoint(request):
    return Response({"message": "You have accessed a protected endpoint!"})
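The settings in Step 2 leave Simple JWT at its library defaults (five-minute access tokens, one-day refresh tokens, no refresh rotation, and signing with Django's SECRET_KEY). The block below is an added example, not part of the original guide or of Simple JWT itself: it builds a tightened SIMPLE_JWT dict, shows a weaker variant beside it, and includes a small audit function that flags the settings a reviewer would push back on. The environment variable name JWT_SIGNING_KEY is an assumption chosen for the example.

```python
from datetime import timedelta

# Added example for the Django section of this guide. The defaults referred
# to in the comments are the documented djangorestframework-simplejwt defaults.


def build_simple_jwt(signing_key: str) -> dict:
    """Return a SIMPLE_JWT settings dict with short-lived access tokens,
    refresh rotation and a signing key separate from Django's SECRET_KEY."""
    return {
        "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
        "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
        # Each refresh issues a new refresh token and retires the old one, so a
        # copied refresh token stops working as soon as the real client refreshes.
        "ROTATE_REFRESH_TOKENS": True,
        # Requires 'rest_framework_simplejwt.token_blacklist' in INSTALLED_APPS
        # and its migrations; without it the retired tokens are not recorded.
        "BLACKLIST_AFTER_ROTATION": True,
        "ALGORITHM": "HS256",
        # Dedicated key: rotating it does not invalidate sessions, CSRF tokens
        # and everything else signed with Django's SECRET_KEY.
        "SIGNING_KEY": signing_key,
        "AUTH_HEADER_TYPES": ("Bearer",),
    }


# The weaker variant often found in projects, constructed here for comparison.
WEAK_SIMPLE_JWT = {
    "ACCESS_TOKEN_LIFETIME": timedelta(days=30),   # a leaked token works for a month
    "REFRESH_TOKEN_LIFETIME": timedelta(days=365),
    "ROTATE_REFRESH_TOKENS": False,
    "SIGNING_KEY": "changeme",                     # short and committed to source
}


def audit_simple_jwt(cfg: dict) -> list:
    """List the settings a reviewer would flag. Keys that are absent are
    treated as Simple JWT's documented defaults."""
    findings = []
    if cfg.get("ACCESS_TOKEN_LIFETIME", timedelta(minutes=5)) > timedelta(minutes=15):
        findings.append("access token lifetime longer than 15 minutes")
    if cfg.get("REFRESH_TOKEN_LIFETIME", timedelta(days=1)) > timedelta(days=30):
        findings.append("refresh token lifetime longer than 30 days")
    if not cfg.get("ROTATE_REFRESH_TOKENS", False):
        findings.append("refresh tokens are not rotated")
    elif not cfg.get("BLACKLIST_AFTER_ROTATION", False):
        findings.append("rotated refresh tokens are not blacklisted")
    key = cfg.get("SIGNING_KEY")
    if cfg.get("ALGORITHM", "HS256").startswith("HS"):
        if key is None:
            findings.append("SIGNING_KEY not set; Django's SECRET_KEY is reused for tokens")
        elif len(key) < 32:
            findings.append("HMAC signing key shorter than 32 characters")
    return findings
```

In settings.py the hardened dict is used as `SIMPLE_JWT = build_simple_jwt(os.environ["JWT_SIGNING_KEY"])`, which deliberately fails at startup when the variable is missing rather than falling back to a weak key.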

Implementing JWT in FastAPI

If you're deciding between Django and FastAPI for your next project, check out my comparison: Django vs. FastAPI – Which One Should You Choose?

Step 1: Install Dependencies

pip install "fastapi[all]" pyjwt python-multipart

Step 2: Create a JWT Utility Module

from datetime import datetime, timedelta, timezone

import jwt  # PyJWT, installed in Step 1

# Placeholder only: in a real deployment load the key from an environment
# variable or a secrets manager so it never lives in source control.
SECRET_KEY = "your_secret_key"
ALGORITHM = "HS256"

# Generate JWT token
def create_access_token(data: dict, expires_delta: timedelta = timedelta(hours=1)) -> str:
    to_encode = data.copy()
    # Timezone-aware timestamps; datetime.utcnow() is deprecated, and PyJWT
    # converts aware datetimes into the integer "exp"/"iat" claims itself.
    now = datetime.now(timezone.utc)
    to_encode.update({"exp": now + expires_delta, "iat": now})
    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)

Step 3: Protect Routes in FastAPI

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
import jwt
from jwt import InvalidTokenError

# SECRET_KEY and ALGORITHM come from the utility module written in Step 2;
# the module name below is assumed, since the guide does not name the file.
from jwt_utils import SECRET_KEY, ALGORITHM

app = FastAPI()
# tokenUrl only tells the generated OpenAPI docs where tokens are issued; the
# login endpoint that calls create_access_token is not shown in this guide.
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")

def verify_token(token: str = Depends(oauth2_scheme)) -> dict:
    try:
        # algorithms=[...] pins the accepted algorithm on the server side so the
        # token header cannot choose a different one; PyJWT also checks "exp".
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        return payload
    except InvalidTokenError:
        # Expired, tampered and malformed tokens all end up here.
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid token",
            headers={"WWW-Authenticate": "Bearer"},
        )

@app.get("/protected")
def protected_route(user: dict = Depends(verify_token)):
    return {"message": "Welcome to the secure route!"}
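Steps 2 and 3 lean on the library for the two checks that make a bearer token safe to trust: the pinned algorithm and the signature/expiry verification. The block below is an added example, written for this guide and not taken from PyJWT or FastAPI, that performs the same HS256 mint-and-verify with only the standard library so the order of checks is visible. The key is a constructed value, the `now` parameters exist so expiry can be tested deterministically, and the function names mirror the guide's but are otherwise this example's own.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed key for this example only; a deployment loads it from the
# environment or a secrets manager.
SECRET_KEY = b"example-key-not-for-production-use"
ALGORITHM = "HS256"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()


def create_access_token(data: dict, expires_in: int = 3600, now: Optional[int] = None) -> str:
    """Mint header.payload.signature with HS256, as jwt.encode() does."""
    issued_at = int(time.time()) if now is None else now
    header = {"alg": ALGORITHM, "typ": "JWT"}
    payload = dict(data, iat=issued_at, exp=issued_at + expires_in)
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    return signing_input + "." + _b64url_encode(_sign(signing_input))


class InvalidTokenError(Exception):
    """Raised for any reason a token is rejected; the route maps it to HTTP 401."""


def verify_token(token: str, now: Optional[int] = None) -> dict:
    """Validate as jwt.decode(token, key, algorithms=[ALGORITHM]) would."""
    current = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        presented = _b64url_decode(signature_b64)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise InvalidTokenError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise InvalidTokenError("malformed token")
    # 1. The server, not the token header, decides which algorithm is acceptable.
    #    This is what the algorithms=[...] argument to jwt.decode enforces.
    if header.get("alg") != ALGORITHM:
        raise InvalidTokenError("unexpected algorithm")
    # 2. Recompute the MAC over the exact bytes received; compare in constant time.
    if not hmac.compare_digest(_sign(f"{header_b64}.{payload_b64}"), presented):
        raise InvalidTokenError("bad signature")
    # 3. Enforce expiry; a token with no exp is rejected, not treated as eternal.
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= current:
        raise InvalidTokenError("token expired")
    return payload
```

Inside the FastAPI app the string argument comes from `Depends(oauth2_scheme)` exactly as in Step 3, and `InvalidTokenError` is translated into the 401 response there; the checks run in the order shown so that an unsigned or mis-signed token is never parsed for claims before its signature has been verified.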

Next Steps

Now that you’ve implemented JWT authentication in Django and FastAPI, here are some next steps:

Conclusion

JWT authentication is a powerful way to secure APIs in Django and FastAPI. By implementing it correctly, you can create scalable, secure, and efficient authentication systems for your applications.
