Verifying JWT Tokens in Django Using djangorestframework-simplejwt

Last updated 4 months ago

Tags: Python, Django, DRF

Introduction: Why JWT Token Verification Matters

In modern web and mobile applications, stateless authentication using JWT (JSON Web Tokens) is now the norm. Django developers often use djangorestframework-simplejwt to integrate JWT securely with Django REST Framework (DRF).

While JWTs are self-contained and can be decoded without server storage, it's essential to verify them to ensure:

  • They’re properly signed and not tampered with.

  • They’ve not expired.

  • They haven’t been blacklisted (if blacklisting is enabled).

Token verification is crucial in login-required APIs, protected views, and when debugging frontend authentication issues.


Setting Up djangorestframework-simplejwt for Token Verification

✅ Step 1: Install the Required Package

pip install djangorestframework-simplejwt

✅ Step 2: Configure JWT in settings.py

# settings.py

INSTALLED_APPS = [
    ...,
    'rest_framework',
    'rest_framework_simplejwt',
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    )
}

✅ Step 3: Add JWT Token Endpoints to urls.py

# urls.py

from django.urls import path
from rest_framework_simplejwt.views import (
    TokenObtainPairView,
    TokenRefreshView,
    TokenVerifyView,
)

urlpatterns = [
    path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),        # Login
    path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),       # Refresh
    path('api/token/verify/', TokenVerifyView.as_view(), name='token_verify'),          # ✅ Verify
]

How Token Verification Works

To verify a token, you send a POST request with the token to the /api/token/verify/ endpoint.

✅ Request Example

POST /api/token/verify/

{
  "token": "your-access-or-refresh-token"
}

✅ Success Response (HTTP 200)

{}

An empty JSON object with HTTP 200 means the token passed verification; the endpoint returns no claims.

❌ Failure Response (HTTP 401)

{
  "detail": "Token is invalid or expired",
  "code": "token_not_valid"
}
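The endpoint above reports only pass or fail, so it helps to see what the three checks from the introduction actually do. The following is an added example written for this article; it is not djangorestframework-simplejwt's own implementation (simplejwt delegates signing and checking to a JWT backend). It reproduces the checks with the standard library only: HS256 signature, the "exp" claim, and a blacklist of revoked token ids ("jti"). SECRET, the blacklist and the sample claims are constructed for the example, and the return value mirrors the two response bodies shown above.

```python
# Added example, not simplejwt's code: a minimal HS256 verifier that performs
# the signature, expiry and blacklist checks behind /api/token/verify/.
# SECRET, the blacklist and all sample claims are constructed for the demo.
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-example-secret-do-not-reuse"  # assumption: HS256 shared secret
ERROR = {"detail": "Token is invalid or expired", "code": "token_not_valid"}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a compact HS256 JWT (header.payload.signature) for the demo."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def verify_token(token: str, blacklisted_jtis=frozenset(), secret: bytes = SECRET, now=None) -> dict:
    """Return {} when every check passes, otherwise the 401 body shown above.

    Order matters: the signature is checked before any claim is trusted, so
    nobody can influence the outcome by editing "exp" or "jti" in the payload.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return dict(ERROR)
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm on the server side; never honour "alg" from the token.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return dict(ERROR)
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        # compare_digest is constant-time, so the check leaks nothing about the signature.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return dict(ERROR)
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # binascii.Error, JSONDecodeError and Unicode errors are all ValueErrors
        return dict(ERROR)
    if not isinstance(claims, dict):
        return dict(ERROR)
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:  # missing or past expiry
        return dict(ERROR)
    jti = claims.get("jti")
    if isinstance(jti, str) and jti in blacklisted_jtis:  # revoked via the blacklist
        return dict(ERROR)
    return {}


if __name__ == "__main__":
    now = time.time()
    good = make_token({"token_type": "access", "exp": now + 300, "jti": "demo-jti-1"})
    print("valid token     ->", verify_token(good, now=now))
    print("blacklisted jti ->", verify_token(good, {"demo-jti-1"}, now=now))
    print("expired         ->", verify_token(make_token({"exp": now - 1, "jti": "x"}), now=now))
```

Note that the checks are deliberately ordered signature first, then expiry, then blacklist, and that the server pins the algorithm rather than reading it from the token header; a verifier that trusts "alg" or reads claims before checking the signature is the classic way JWT validation goes wrong.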

Full Example: Token Verification in Action

Let’s walk through a real use case.

Step 1: Obtain a Token

Use /api/token/ to log in and get your access and refresh tokens.

{
  "username": "john",
  "password": "supersecurepassword"
}

Response:

{
  "access": "eyJ0eXAiOiJKV1QiLCJh...",
  "refresh": "eyJ0eXAiOiJKV1QiLCJh..."
}

Step 2: Verify the Token

Request (use the access token from the previous step):

POST /api/token/verify/
{
  "token": "eyJ0eXAiOiJKV1QiLCJh..."
}

Success: You get {}.

Failure (e.g. token expired or invalid):

{
  "detail": "Token is invalid or expired",
  "code": "token_not_valid"
}

⚠️ Tips & Common Pitfalls

✅ Tips

  • Use token verification in custom login status checks (e.g., mobile apps).

  • Works for both access and refresh tokens.

  • Can be useful in middleware or frontend validation logic.

❌ Common Pitfalls

  • Verifying an expired token will always return an error.

  • If blacklisting is enabled and a token is revoked, it will fail verification.

  • Only works if JWT is properly configured in settings.py.
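The tips above suggest using the endpoint for login-status checks in mobile apps or middleware, and the pitfalls warn that an expired or revoked token will always be rejected. Putting those together, here is an added client-side example (not code from the article or from simplejwt) that calls /api/token/verify/ and interprets the result. BASE_URL and the demo tokens are assumptions; only check_login_status() touches the network, the other functions are pure and run offline. The design point it shows is that a 401 with code token_not_valid is the only reply that should send the user back to login; a 5xx, an HTML error page or a network failure is "unknown" and must not be treated as a logout.

```python
# Added example, not from the article or simplejwt: a client-side
# "am I still logged in?" check built on /api/token/verify/.
# BASE_URL and the demo tokens are assumptions; only check_login_status()
# talks to a server.
import base64
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.example.invalid"  # assumption: where the Django API is served
VERIFY_PATH = "/api/token/verify/"


def build_verify_request(token: str, base_url: str = BASE_URL) -> urllib.request.Request:
    """POST {"token": ...} as JSON, which is exactly what TokenVerifyView expects."""
    body = json.dumps({"token": token}).encode("utf-8")
    return urllib.request.Request(
        base_url + VERIFY_PATH,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"},
    )


def classify_verify_response(status: int, body: bytes) -> str:
    """Map the endpoint's reply to 'valid', 'invalid' or 'unknown'.

    200 {}                   -> 'valid'   (signature, expiry and blacklist all passed)
    401 code=token_not_valid -> 'invalid' (send the user back to login)
    anything else (5xx, HTML error page, empty body) -> 'unknown':
    never log a user out because the server had a transient problem.
    """
    if status == 200:
        return "valid"
    if status == 401:
        try:
            payload = json.loads(body)
        except ValueError:
            return "unknown"
        if isinstance(payload, dict) and payload.get("code") == "token_not_valid":
            return "invalid"
    return "unknown"


def token_exp(token: str):
    """Read the "exp" claim locally without verifying anything (optimisation only)."""
    try:
        payload_b64 = token.split(".")[1]
        payload = json.loads(base64.urlsafe_b64decode(payload_b64 + "=" * (-len(payload_b64) % 4)))
        exp = payload.get("exp")
        return exp if isinstance(exp, (int, float)) else None
    except (IndexError, ValueError, AttributeError):
        return None


def is_locally_expired(token: str, now=None) -> bool:
    """True when "exp" is already past; the server would answer 401 anyway, so the
    round trip can be skipped. False proves nothing: only the server can check the
    signature and the blacklist."""
    now = time.time() if now is None else now
    exp = token_exp(token)
    return exp is not None and now >= exp


def check_login_status(token: str, base_url: str = BASE_URL, timeout: float = 5.0) -> str:
    """Full check: local expiry shortcut, then the real round trip."""
    if is_locally_expired(token):
        return "invalid"
    req = build_verify_request(token, base_url)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_verify_response(resp.status, resp.read())
    except urllib.error.HTTPError as exc:  # 4xx/5xx land here; the body is still readable
        return classify_verify_response(exc.code, exc.read())
    except OSError:  # DNS failure, refused connection, timeout (URLError is an OSError)
        return "unknown"


def unsigned_demo_token(claims: dict) -> str:
    """Constructed helper for the demo: header.payload with an empty signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    print(classify_verify_response(200, b"{}"))
    print(classify_verify_response(401, b'{"detail": "Token is invalid or expired", "code": "token_not_valid"}'))
    print(classify_verify_response(503, b"Service Unavailable"))
    print(is_locally_expired(unsigned_demo_token({"exp": int(time.time()) - 60})))
```

The local "exp" shortcut only saves a request; it reads the payload without checking the signature, so it can never turn a token into a trusted one, which is why check_login_status() still asks the server whenever the shortcut does not fire.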


Summary Table: Token Endpoints Overview

Endpoint            | Purpose                   | Token Type Required  | Example Use Case
--------------------|---------------------------|----------------------|-------------------------
/api/token/         | Obtain access + refresh   | Credentials          | Login
/api/token/refresh/ | Refresh access token      | Refresh token        | Session renewal
/api/token/verify/  | Verify a token's validity | Access/Refresh token | Debugging or token check

Final Code Snippet (Functional API Setup)

# urls.py

from django.urls import path
from rest_framework_simplejwt.views import (
    TokenObtainPairView,
    TokenRefreshView,
    TokenVerifyView,
)

urlpatterns = [
    path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
    path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
    path('api/token/verify/', TokenVerifyView.as_view(), name='token_verify'),
]

# settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    )
}

Conclusion: When and Why to Use Token Verification

Verifying JWTs is a simple but powerful way to boost your app’s security and debugging capabilities. It ensures tokens are valid, unexpired, and trustworthy — and helps build a better developer experience when working with frontend apps or APIs.

Key Takeaways

  • Use /api/token/verify/ to check if a token is still valid.

  • Perfect for debugging, frontend token checks, or middleware logic.

  • Ensure JWT is properly configured in Django before testing.