New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

django-channels-jwt

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

django-channels-jwt

Secure JWT Auth Middleware for Django Channels

0.0.3
PyPI
Maintainers
1

Django Channels JWT

Django Channels JWT Middleware is a secure way to handle authentication for Django Channels WebSocket connections without directly exposing JWT tokens. Instead of sending the token itself in the query parameter, this middleware uses UUID-based authentication and cache-based user retrieval for enhanced security.

Security Benefits

  • Enhanced Security: JWT tokens can potentially be intercepted if sent as query parameters. This middleware avoids sending tokens directly, minimizing the risk of token leakage.

  • UUID-based Authentication: This middleware generates UUIDs as tokens for WebSocket connections. These UUIDs are short-lived and act as temporary access keys. When a user connects, they provide the UUID, which is used to retrieve the authenticated user.

  • Cache-based User Retrieval: Upon connection, the middleware validates the UUID, retrieves the corresponding user ID from the cache, and fetches the user asynchronously. This ensures that the WebSocket connection is only established for authenticated users.

Risks of Sending Tokens as Query Parameters

Sending tokens as query parameters can expose security vulnerabilities:

  • Token Exposure: Tokens in query parameters can be captured in logs, browser history, or server logs, increasing the risk of unauthorized access.
  • Caching: Some proxies or servers may cache URLs, which could lead to tokens being stored in shared caches.

Installation

Install the package using pip:

pip install django-channels-jwt

Configuration

  • Wrap your URLRouter

    from django_channels_jwt.middlware import JwtAuthMiddlewareStack

application = ProtocolTypeRouter({
    "http": get_asgi_application(),
    "websocket": JwtAuthMiddlewareStack(
        URLRouter(
            websocket_urlpatterns,
        )
    ),
})

  • Include the provided URL for ticket generation in your project's urls.py:

 from django.urls import path, include

 url_patterns = [
     # ... your other URL patterns
     path("api/auth/", include('django_channels_jwt.urls')
 ]

or if you want to set customized route

from django.urls import path, include
from django_channels_jwt.views import AsgiValidateTokenView

url_patterns = [
    # ... your other URL patterns
    path("auth_for_ws_connection/", AsgiValidateTokenView.as_view())
]

Usage

  • Ensure your Django app's models are configured correctly.
  • Use the included AsgiValidateTokenView to generate a ticket (UUID) for WebSocket connections.
  • Connect to your WebSocket with the generated UUID to authenticate the connection without exposing the token.
ws://localhost:8001/ws/chat/?uuid=

1.0.0 (2023-08-11)

  • First release on PyPI.

Keywords

django
channels
jwt
auth
middleware
python

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Lazarus Strikes npm Again with New Wave of Malicious Packages

Research

Security News

Lazarus Strikes npm Again with New Wave of Malicious Packages

The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.

By Kirill Boychenko  -  Mar 10, 2025