Correct way to consume an API with JWT in a Django MVT project

In my previous projects, I have focused on using Django core features such as MVT, middlewares, etc. However, my current project is a SaaS that requires me to interact with an API which has two main endpoints: one for authentication and one for validating some JWS.

The authentication endpoint requires a username and a password, and it returns a JWT that expires every “x” hours. My plan, at very high level, is to implement the following steps to authenticate users and keep all credentials in a reasonable security layer:

  1. Keep the username and password that will be sent to the API as encrypted text (in this case I cannot use a hash for this password, because I will send it to the API endpoint).
  2. Send a POST request to the authentication endpoint using the requests library.
  3. If the server responds with a JWT, store it in the database as encrypted text.
  4. For all other requests to the API that require the JWT, I will send the token in the headers using the requests library. If the token fails because it has expired, ask for a new token as in step 1.

Does this approach seem clear and secure?
What could you suggest to me?
