Middleware enables the DRF JwtAuthentication authentication class for
endpoints using the LoginRedirectIfUnauthenticated permission class.
Enables a DRF view to redirect the user to login when they are
unauthenticated. It automatically enables JWT-cookie-based
authentication by setting the `USE_JWT_COOKIE_HEADER` for endpoints
using the LoginRedirectIfUnauthenticated permission.
This can be used to convert a plain Django view using login_required
into a DRF APIView, which is useful to enable our DRF JwtAuthentication
NOTE: This includes a breaking change that is unlikely to affect anyone
unless they subclassed JwtAuthCookieMiddleware, which switched from
using `process_request` to `process_view` so it would not run before
this new middleware.
Version 2.3.2 was released without bumping its version number. This fixes that.
See https://docs.djangoproject.com/en/1.11/topics/http/middleware/upgrading-pre-django-1-10-style-middleware for details. This release will remove many `RemovedInDjango20Warning`s for clients of this library.
Fix call to is_jwt_authenticated when the request has no successful_authenticator attribute
This release adds a helper method in `edx_rest_framework_extensions/auth/jwt/authentication.py` to get the decoded JWT token from `request.auth`.
Revert 'Update cookies.get_decoded_jwt logic to also query jwt cookie from request.auth'
This release updates the logic of `edx_rest_framework_extensions.auth.jwt.cookies.get_decoded_jwt` so that the JWT cookie is looked up in `request.auth` if it is not found in `request.COOKIES`.
This release bumps the `default_latest_supported` version value to 1.2.0.
Note that a `user_id` JWT claim was added to edx-platform while at version 1.1.0; however, the JWT version was not bumped at that time.
Several auth classes and methods were refactored and the
backward incompatible imports have been removed.
Important: SessionAuthenticationAllowInactiveUser was moved as
part of this release, so this release also adds a backward
incompatible change from any earlier version as well.
Added SessionAuthenticationAllowInactiveUser to support authentication of inactive users on mobile devices.
Authentication related code has partially been refactored into an
New code should import the moved classes from their new
locations. However, the refactor was done as a backward-compatible
change with TODO notes for completion.
See ARCH-244 for details on completing the refactor work.
Updates JWT Decoder so it can verify JWTs signed with asymmetric keys.