Consider channels-auth-token-middlewares #48

Open
johnthagen opened this issue Jun 14, 2023 · 0 comments

Thanks for the great tutorial! One thing that I had hoped could be improved is that a standard middleware could be used for token auth rather than having to implement this in each app.

channels-auth-token-middlewares recently added support for this in a standard way that can be reused, so I thought perhaps TestDriven IO might be interested in using that for the training tutorials.


channels-auth-token-middlewares provides a QueryStringSimpleJWTAuthTokenMiddleware to support token authentication out of the box when using Simple JWT with Django REST Framework.

Update INSTALLED_APPS:

INSTALLED_APPS = [
    # base django apps (django.contrib.auth is required)
    # other apps this one depends on (like rest_framework if it's necessary)
    'channels_auth_token_middlewares',
    # custom apps
]

Insert QueryStringSimpleJWTAuthTokenMiddleware into your ASGI application stack:

application = ProtocolTypeRouter(
    {
        "http": django_asgi_app,
        "websocket": AllowedHostsOriginValidator(
            QueryStringSimpleJWTAuthTokenMiddleware(
                URLRouter(...),
            ),
        ),
    }
)

Clients pass their JWT token into the token query parameter:

from websocket import create_connection

token = "EXAMPLE_TOKEN"
ws = create_connection(f"ws://127.0.0.1/ws/?token={token}")

The authenticated User (or AnonymousUser if the JWT is invalid) will be populated into the "user" key of the scope passed to the Consumer:

from channels.generic.websocket import AsyncWebsocketConsumer


class MyAsyncCommunicator(AsyncWebsocketConsumer):
    async def connect(self) -> None:
        user = self.scope["user"]
        # Validate user before accepting the Websocket Connection
        # For example:
        if not user.is_authenticated or user.is_anonymous:
            # Handle unauthorized: close without accepting the connection.
            await self.close()
            return
        await self.accept()
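
Because the token travels in the URL in this setup, it can be written verbatim into proxy and application access logs. The following is an added example, not code from this issue or from channels-auth-token-middlewares: a standard-library logging filter that redacts the `token` query parameter before a record reaches any handler. The filter name, the `REDACTED` marker and the sample log lines are constructed for illustration.

```python
import logging
import re
from urllib.parse import unquote_plus

SENSITIVE_PARAMS = {"token"}  # query parameter name used on this page
# A query string: "?" followed by characters that cannot end a URL in a log line.
QUERY_RE = re.compile(r"\?([^\s\"'#<>]+)")


def _redact_query(match: re.Match) -> str:
    pieces = []
    for piece in match.group(1).split("&"):
        key, sep, _value = piece.partition("=")
        # Decode the key so a percent-encoded name (e.g. %74oken) is also caught.
        if sep and unquote_plus(key).lower() in SENSITIVE_PARAMS:
            piece = f"{key}=REDACTED"  # keep the key, drop the credential
        pieces.append(piece)
    return "?" + "&".join(pieces)


def redact_line(line: str) -> str:
    """Replace the value of every sensitive query parameter in a log line."""
    return QUERY_RE.sub(_redact_query, line)


class TokenRedactingFilter(logging.Filter):
    """Scrub tokens from a record before any handler formats or ships it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_line(record.getMessage())
        record.args = None  # message is already fully formatted
        return True


# Constructed sample lines (not taken from any real server).
SAMPLE_LINES = [
    '10.0.0.5 "GET /ws/?token=aaa.bbb.ccc HTTP/1.1" 101',
    '10.0.0.5 "GET /ws/?room=7&%74oken=aaa.bbb.ccc&v=2 HTTP/1.1" 101',
    '10.0.0.5 "GET /ws/?room=7 HTTP/1.1" 101',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(redact_line(line))
```

Attach the filter with `logger.addFilter(TokenRedactingFilter())` on whichever logger records request URLs; logs written by a reverse proxy in front of the application need the equivalent setting there.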