Django API quickstart uses unmaintained package #9825
Comments
|
Further - as far as I can tell the recommendation to add the RemoteUserMiddleware has no effect. The RemoteUserMiddleware looks for a REMOTE_USER header - which is almost certainly not set by the application making the request. The actual change that matters here is the RemoteUserBackend addition. That, in combination with the authenticate() call in jwt_get_username_from_payload_handler, creates/logs in the user based solely on username. |
|
The current version of drf-jwt on PyPi is maintained, and the latest release was only a couple of months ago. It has been forked from the Repo you listed. https://pypi.org/project/drf-jwt/. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
The Django API quickstart guide uses a package that's been unmaintained for two years. This was a pretty unpleasant surprise to find after implementing an initial Auth0 integration.
Reproduction
https://auth0.com/docs/quickstart/backend/django/01-authorization .
drf-jwtis unmaintained and has been for two years.See: jpadilla/django-rest-framework-jwt#484
Environment
N/A
The text was updated successfully, but these errors were encountered: