[Example] Custom Auth Service that works with drf-simplejwt #2

eshaan7 opened this issue Jul 15, 2020 · 1 comment

eshaan7 commented Jul 15, 2020

Hi, I am using drf-simplejwt with Angular 9 for a project IntelOwl-ng.

How it works

I wrote a custom Auth.service.ts to work with simplejwt's access-refresh token pair, which automatically sends a refresh token request in the background if the access token has expired but the refresh token is still valid. So, overall, a smooth and secure experience for the user.

  • This hook isAuthenticatedOrRefresh() is implemented in the HTTP interceptor as well as Auth Guard.
  • It uses localStorage by default but you can easily modify it to work with cookie storage or SessionStorage.

Code

Auth.service.ts: https://github.com/intelowlproject/IntelOwl-ng/blob/master/src/app/%40core/services/auth.service.ts

Other interesting files which leverage this auth service include:

  • auth-guard.service.ts,
  • user.service.ts,
  • login.component.ts, and most importantly,
  • http.intereceptor.ts - the main problem that this interceptor class solves is that we need to filter out the /api/refresh-token and /api/login endpoints

Thought this might be useful for anyone who stumbles on this project.
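
The token check and endpoint filter described in the post above, as an added TypeScript example that is not taken from IntelOwl-ng or from the original post. Apart from `isAuthenticatedOrRefresh`, `/api/login` and `/api/refresh-token`, every name is hypothetical, and the `access`/`refresh` storage keys and the 10-second expiry skew are assumptions:

```typescript
// Added example, not IntelOwl-ng code. Only isAuthenticatedOrRefresh, /api/login
// and /api/refresh-token come from the post; every other name is hypothetical.
type Decision = "authenticated" | "refresh" | "login";
const AUTH_ENDPOINTS = ["/api/login", "/api/refresh-token"];
// Read `exp` (seconds since epoch) from a JWT payload. No signature check:
// the client only uses exp to schedule a refresh; the server still validates.
function tokenExp(token: string | null): number | null {
  const part = token ? token.split(".")[1] : undefined;
  if (!part) return null;
  try {
    const exp = JSON.parse(atob(part.replace(/-/g, "+").replace(/_/g, "/"))).exp;
    return typeof exp === "number" ? exp : null;
  } catch {
    return null; // malformed token counts as absent
  }
}

// skewSec treats a token about to expire as expired, so it cannot die in flight.
function decide(access: string | null, refresh: string | null, nowSec: number, skewSec = 10): Decision {
  const alive = (t: string | null): boolean => {
    const exp = tokenExp(t);
    return exp !== null && exp - skewSec > nowSec;
  };
  if (alive(access)) return "authenticated";
  return alive(refresh) ? "refresh" : "login";
}

// Interceptor filter: the login and refresh calls run while no valid access token
// exists, so hooking them would recurse. Exact path match, not substring.
function needsAuthHook(url: string): boolean {
  const path = url.replace(/^https?:\/\/[^/]+/, "").split(/[?#]/)[0];
  return !AUTH_ENDPOINTS.some((p) => path === p || path === p + "/");
}

// store and refreshFn are injected, so localStorage, sessionStorage or a test double fit.
async function isAuthenticatedOrRefresh(store: Map<string, string>,
    refreshFn: (refresh: string) => Promise<string>, nowSec = Math.floor(Date.now() / 1000)): Promise<boolean> {
  const refresh = store.get("refresh") ?? null;
  const state = decide(store.get("access") ?? null, refresh, nowSec);
  if (state === "login") { store.delete("access"); store.delete("refresh"); return false; }
  if (state === "refresh") store.set("access", await refreshFn(refresh as string));
  return true;
}

// Builds an unsigned, constructed sample token for exercising the code above.
function fakeJwt(exp: number): string {
  const enc = (o: object) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc({ exp })}.constructed`;
}
```
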

@eshaan7 eshaan7 changed the title [Exammple] Custom Auth service that works with drf-simplejwt [Example] Custom Auth Service that works with drf-simplejwt Jul 15, 2020
Andrew-Chen-Wang (Member) commented

Hi @eshaan7, thanks for the provided code. The problem with that implementation (using SimpleJWT 4.4.0) is that many developers probably won't set up the HTTPS protocol, so we're mitigating a lot of it for a new PR designed, reflecting a lot of what CSRF does, specifically for JS frameworks. The current PR in this repository uses that aforementioned PR for SimpleJWT, which is safer.
