Sushank-Code/JWTAuth-API

JWT Authentication API

A RESTful authentication API built with Django REST Framework, Djoser, and SimpleJWT. Features email-based JWT authentication, Google OAuth2 social login, role-based access control (RBAC), and interactive API documentation.

Features

  • Email-based authentication — Register and log in using email instead of username
  • JWT tokens — Access/refresh token pair with automatic rotation and blacklisting
  • Email verification — Account activation via email with custom HTML templates
  • Password management — Set password, reset password with email confirmation
  • Google OAuth2 — Social login via Google
  • Role-Based Access Control — Customer (default) and Seller roles with group-based permissions
  • Seller verification — UUID-token-based email verification flow for seller onboarding
  • API documentation — Auto-generated OpenAPI 3.0 schema with Swagger UI and ReDoc

Tech Stack

  • Python 3.x
  • Django 6.0
  • Django REST Framework 3.16
  • Djoser 2.3
  • SimpleJWT 5.5
  • drf-spectacular 0.29
  • social-auth-app-django 5.7

Project Structure

```text
Jwt_AuthAPI/
├── authapi/                # Project configuration
│   ├── settings.py
│   ├── urls.py
│   ├── wsgi.py
│   └── asgi.py
├── accounts/               # Authentication & user app
│   ├── email.py            # Custom activation email
│   ├── models.py           # Custom Account model & 
│   ├── permissions.py      # IsSeller custom permission
│   ├── pipeline.py         # Social auth auto-activation 
│   ├── serializers.py      # Registration, logout & seller 
│   ├── urls.py
│   ├── views.py            # Logout, seller & dashboard 
│   └── templates/accounts/
│       └── activation.html
├── manage.py
├── requirements.txt
├── JWT Authentication API.yaml   # OpenAPI 3.0 spec
└── DJoserAuthAPI.postman_collection.json   # Postman Collection
```

API Endpoints

Base URL: /api/v1/auth/

Authentication

| Method | Endpoint | Description | Auth |
|--------|----------|-------------|------|
| POST | /users/ | Register a new account | No |
| POST | /users/activation/ | Activate account via uid & token | No |
| POST | /users/resend_activation/ | Resend activation email | No |
| POST | /jwt/create/ | Login — obtain access & refresh tokens | No |
| POST | /jwt/refresh/ | Refresh: returns a new access token and, because rotation is enabled, a new refresh token; the submitted refresh token is blacklisted | No |
| POST | /jwt/verify/ | Verify a token | No |
| POST | /logout/ | Logout — blacklist refresh token | Yes |

User Management

| Method | Endpoint | Description | Auth |
|--------|----------|-------------|------|
| GET | /users/me/ | Get current user profile | Yes |
| PUT/PATCH | /users/me/ | Update current user profile | Yes |
| DELETE | /users/me/ | Delete current user account | Yes |
| POST | /users/set_password/ | Change password | Yes |
| POST | /users/reset_password/ | Request password reset email | No |
| POST | /users/reset_password_confirm/ | Confirm password reset | No |
| POST | /users/set_email/ | Change email address | Yes |
| POST | /users/reset_email/ | Request email reset | No |
| POST | /users/reset_email_confirm/ | Confirm email reset | No |

Seller (RBAC)

| Method | Endpoint | Description | Auth |
|--------|----------|-------------|------|
| POST | /seller/ | Apply to become a seller | Yes |
| GET | /verify-seller/{token}/ | Verify seller via UUID token | Yes |
| GET | /sellerDashboard/ | Access seller dashboard | Yes (Seller only) |

Google OAuth2

| Method | Endpoint | Description | Auth |
|--------|----------|-------------|------|
| POST | /o/google-oauth2/ | Google social login | No |

Screenshots

The repository's screenshots cover: Register; Login (obtain JWT tokens); access to a protected endpoint (/users/me/); Logout (blacklist refresh token); Apply for seller; Seller verification.

JWT Configuration

| Setting | Value |
|---------|-------|
| Access token lifetime | 30 minutes |
| Refresh token lifetime | 1 day |
| Token rotation | Enabled |
| Blacklist after rotation | Enabled |
| Auth header prefix | JWT |

Protected endpoints expect the access token in the Authorization header with the JWT prefix, i.e. `Authorization: JWT <access token>`. Because rotation and blacklisting are both enabled, every call to /jwt/refresh/ returns a new refresh token and invalidates the one that was sent, so clients must replace the stored refresh token after each refresh; a refresh token that has been rotated out or passed to /logout/ is rejected. The access token itself is not blacklisted and stays usable until its 30-minute lifetime ends, which is why that lifetime is kept short.

API Documentation

Interactive documentation (Swagger UI and ReDoc, generated from the drf-spectacular OpenAPI 3.0 schema) is available when the server is running.

An exported OpenAPI 3.0 spec is also available at JWT Authentication API.yaml.

Postman

A Postman collection for the endpoints above is included as DJoserAuthAPI.postman_collection.json.

Role-Based Access Control

The API implements group-based RBAC with two roles:

  • Customer — Assigned automatically on registration. Can browse, manage their own profile, and apply to become a seller.
  • Seller — Granted after seller verification. Gains access to the seller dashboard and seller-specific endpoints via the IsSeller permission class.
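As an added example (not the project's code), the following models the seller onboarding flow and the IsSeller check described above in plain Python with no Django dependency: a customer applies, receives a UUID verification token, and is added to the Seller group only when the authenticated account that presents the token is the one that applied. The `SellerOnboarding` class, the `seller_dashboard` function and the single-use and owner-bound token rules are assumptions made for the example, not statements from the README; the group names follow the two roles it lists.

```python
# Added example (not the project's code): seller onboarding + group-based role check.
# Single-use and owner-bound verification tokens are assumptions for this example.
import uuid
from dataclasses import dataclass, field

CUSTOMER = "Customer"
SELLER = "Seller"


@dataclass
class Account:
    id: int
    email: str
    groups: set = field(default_factory=lambda: {CUSTOMER})  # Customer assigned on registration


class SellerOnboarding:
    """Hypothetical stand-in for POST /seller/ and GET /verify-seller/{token}/."""

    def __init__(self):
        self.pending: dict[str, int] = {}   # verification token -> applicant account id

    def apply(self, account: Account) -> str:
        """Issue a verification token for an authenticated customer."""
        if SELLER in account.groups:
            raise ValueError("account is already a seller")
        token = str(uuid.uuid4())   # 122 random bits: unguessable, but still a bearer secret
        self.pending[token] = account.id
        return token   # in the real flow this travels only inside the verification email

    def verify(self, account: Account, token: str) -> bool:
        """Grant the Seller group only if the token exists and belongs to the caller."""
        owner = self.pending.get(token)
        if owner is None or owner != account.id:
            return False           # unknown, already used, or another account's token
        del self.pending[token]    # single use: a second GET with the same token does nothing
        account.groups.add(SELLER)
        return True


def is_seller(account: Account) -> bool:
    """Mirror of the IsSeller permission: decided by group membership, never by client input."""
    return SELLER in account.groups


def seller_dashboard(account: Account) -> dict:
    """Hypothetical stand-in for GET /sellerDashboard/; the API's 403 becomes PermissionError here."""
    if not is_seller(account):
        raise PermissionError("seller role required")
    return {"seller": account.email, "groups": sorted(account.groups)}


def can_open_dashboard(account: Account) -> bool:
    try:
        seller_dashboard(account)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    flow = SellerOnboarding()
    alice = Account(1, "alice@example.com")   # constructed sample account
    token = flow.apply(alice)
    print("verified:", flow.verify(alice, token), "dashboard:", can_open_dashboard(alice))
```

Two checks carry the security weight here: the role is read from group membership on the server, so nothing the client sends in a request body can claim Seller status, and the verification endpoint requires authentication (as the endpoint table shows) so that possessing the emailed token is not by itself enough to change another account's role.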

Environment Variables

| Variable | Description |
|----------|-------------|
| SECRET_KEY | Django secret key; by default SimpleJWT also signs tokens with it, so keep it out of version control |
| DEBUG | Enable debug mode (True/False) |
| EMAIL_HOST | SMTP server hostname |
| EMAIL_HOST_USER | SMTP username |
| EMAIL_HOST_PASSWORD | SMTP password |
| EMAIL_PORT | SMTP port |
| EMAIL_USE_TLS | Enable TLS (True/False) |
| DEFAULT_FROM_EMAIL | Default sender email |
| GOOGLE_CLIENT_ID | Google OAuth2 client ID |
| GOOGLE_SECRET | Google OAuth2 client secret |
