Authentication

Basic auth handling will be done via djoser with DRF JWT. Djoser supports both in-app users and integration with social services.

User manipulation

Standard endpoints implemented by djoser

  • /users/ (POST = registration)

  • /users/me/

  • /users/confirm/

  • /users/resend_activation/

  • /users/set_password/

  • /users/reset_password/

  • /users/reset_password_confirm/

  • /users/set_username/

  • /users/reset_username/

  • /users/reset_username_confirm/

These endpoints implement basic registration and account manipulation. They depend on the default user objects (custom objects) and user managers.

Custom endpoints

  • /users/me/settings

  • /users/me/templates?lang=*language*

From User settings

JWT

The JWT has to contain a list of groups for every user, so that the backend can manage permissions more easily. (See custom serializers.)

A response may have an X-Refresh-Token: 1 header in order to prompt the user application to update the token with the new groups.
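The groups claim and the X-Refresh-Token signal described above, as an added framework-free example (not djoser's or this project's code). The signing key, group names, 300-second lifetime and function names are assumptions, the standard-library HS256 code stands in for the JWT library, and current_groups stands for the groups the backend reads from the database.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; stands in for the real signing key
LIFETIME = 300                    # seconds; assumed access-token lifetime

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id, groups, now=None):
    """Return an HS256 JWT whose payload lists the user's group names."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"user_id": user_id, "groups": sorted(groups), "exp": now + LIFETIME}
    body = f"{header}.{_b64(json.dumps(claims).encode())}"
    return f"{body}.{_b64(_sign(body))}"

def read_claims(token, now=None):
    """Verify signature and expiry, then return the payload; ValueError otherwise."""
    now = int(time.time()) if now is None else now
    body, _, sig = token.rpartition(".")
    # HS256 is fixed server-side; the "alg" field inside the token is never trusted.
    if not hmac.compare_digest(_sign(body), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body.split(".")[1]))
    if claims["exp"] <= now:
        raise ValueError("token expired")
    return claims

def refresh_headers(token, current_groups, now=None):
    """Response headers for a request: flag a token whose groups are out of date."""
    claims = read_claims(token, now)
    if set(claims["groups"]) != set(current_groups):
        return {"X-Refresh-Token": "1"}
    return {}

if __name__ == "__main__":
    token = issue_token(7, ["editors", "viewers"])          # constructed user and groups
    print(refresh_headers(token, ["editors", "viewers"]))   # groups unchanged
    print(refresh_headers(token, ["viewers"]))              # user left "editors"
```

Until the client refreshes, its token still carries the old group list, so a removed group stays in effect for any permission check made from the token alone until that token expires.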

Djoser JWT endpoints

  • /auth/jwt/create/

  • /auth/jwt/refresh/

  • /auth/jwt/verify/