Skip to content

Shift Tethys API Views from CSRF and Session to JSON Web Token (JWT) #1216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
swainn merged 10 commits into from
Dec 24, 2025
Merged

Shift Tethys API Views from CSRF and Session to JSON Web Token (JWT) #1216

swainn merged 10 commits into from
Dec 24, 2025

Conversation

@ckrew
Copy link
Contributor

@ckrew ckrew commented Dec 1, 2025
edited
Loading

Description

This merge request updates the way that reactapps work with Tethys and authentication, namely shifting Tethys APIs from session and csrf based authentication to JSON Web Tokens (JWT).

Changes Made to Code

ReactApp Templates:

  • Removed getSession and getCSRF APIs
  • Added new getJWTToken and refreshJWTToken APIs
  • Updated loader to not use getSession and instead use JWTs

Tethys:

  • Removed get_session and get_csrf views and urls
  • updated whoami view
  • new APIs for token, token/refresh, and token/verify

Related PRs, Issues, and Discussions

Additional Notes

Quality Checks

  • At least one new test has been written for new code
  • New code has 100% test coverage
  • Code has been formatted with Black
  • Code has been linted with flake8
  • Docstrings for new methods have been added
  • The documentation has been updated appropriately

@ckrew
in reactapp, replace getSession and getCSRF with getJWTToken. getJWTT…
288e2bf 
…oken will return the access and refresh token of an authenticated user or null if noone is logged in

in tethys, replace api views with django rest apis. removed csrf and session endpoints. updated whoami. added get_token
@ckrew ckrew requested a review from swainn December 1, 2025 22:59
swainn
swainn requested changes Dec 2, 2025
View reviewed changes
@ckrew
Copy link
Contributor Author

ckrew commented Dec 15, 2025

@swainn any concerns here about backwards capabilities? should i include something that still works with the old stuff and add a deprecation warning?

@swainn
Copy link
Member

swainn commented Dec 15, 2025

@swainn any concerns here about backwards capabilities? should i include something that still works with the old stuff and add a deprecation warning?

Yes. Let's keep it backward compatible and add a deprecation warning.

@coveralls
Copy link

coveralls commented Dec 15, 2025
edited
Loading

Coverage Status

coverage: 100.0%. remained the same
when pulling b315293 on api_view_updates
into 5011fa0 on main.

@ckrew
Copy link
Contributor Author

ckrew commented Dec 16, 2025

this is ready for review again. Let me know if there is anything else that needs to change

@ckrew
Copy link
Contributor Author

ckrew commented Dec 19, 2025

@swainn any concerns here about backwards capabilities? should i include something that still works with the old stuff and add a deprecation warning?

Yes. Let's keep it backward compatible and add a deprecation warning.

update this to it "will be deprecated and will be removed in a future tethys version"

@swainn swainn merged commit 110efb4 into main Dec 24, 2025
49 of 50 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@swainn swainn swainn approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ckrew @swainn @coveralls