API ~ JWT Documentation

Esterello2 edited this page Dec 3, 2023 · 1 revision

JWT Authentication:

Overview:

When a user or entity interacts with an API endpoint, there is no direct way for that user to be authenticated. Simple JWT authentication provides this for protected endpoints. As a module for the Django REST framework, simpleJWT generates and verifies JWTs (JSON Web Tokens). The tokens are generated through a "generate token" API endpoint, where the user must enter proper credentials. If the credentials clear (for instance, the user is shown to be an admin user), an "access" token and a "refresh" token are created. The user can then make requests to JWT-protected endpoints with the encoded data found in the "access" token. The refresh token lets the user make an API request to a refresh token endpoint to generate a new "access" token without having to re-enter credentials.

Current Implementation:

As of now, due to the lack of front-end capabilities, the only way to show the functionality of JWT authentication is through an API request interface called Postman. Normally, an entity would log in through the front-end of the server, and an automatic GET request would be sent to the token API endpoint, retrieving either a token or "Bad-Request" if there is a lack of clearance. For now, we simply send the GET request to the token API endpoint (via URL) and enter the retrieved "access" token in Postman along with the proper request to whichever protected endpoint we want to access (for example, the GET User list endpoint). The request returns a bad request if the token is expired or invalid. For testing purposes, the access token expiration is set to one day after creation.
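The access/refresh flow from the Overview and the expired-or-invalid rejection described above, as an added standard-library sketch. It is not this project's code and not simpleJWT's implementation. The function names, the signing key, the claim names and the refresh lifetime are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed placeholder, not a real signing key
ACCESS_TTL = 24 * 3600            # one day, the testing value stated on this page
REFRESH_TTL = 7 * 24 * 3600       # assumed value; the page does not state it

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    # Always HMAC-SHA256: the algorithm is fixed here, never read from the token.
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(user_id, token_type, ttl, now=None):
    """Build a signed token carrying user_id, token_type and exp claims."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"user_id": user_id, "token_type": token_type, "exp": now + ttl}
    signing_input = f"{header}.{_b64(json.dumps(claims).encode())}"
    return f"{signing_input}.{_b64(_sign(signing_input))}"

def obtain_pair(user_id, now=None):
    """What a token endpoint hands back once credentials have been checked."""
    return {"access": issue(user_id, "access", ACCESS_TTL, now),
            "refresh": issue(user_id, "refresh", REFRESH_TTL, now)}

def verify(token, expected_type, now=None):
    """Return the claims; raise ValueError if forged, expired or of the wrong type."""
    now = int(time.time()) if now is None else now
    header, body, sig = token.split(".")  # wrong part count raises ValueError
    if not hmac.compare_digest(_sign(f"{header}.{body}"), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        raise ValueError("token expired")
    if claims["token_type"] != expected_type:
        raise ValueError("wrong token type")
    return claims

def refresh(refresh_token, now=None):
    """Exchange a valid refresh token for a new access token, without credentials."""
    claims = verify(refresh_token, "refresh", now)
    return issue(claims["user_id"], "access", ACCESS_TTL, now)
```

The token-type check is what keeps a longer-lived refresh token from being accepted at a protected endpoint in place of an access token.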