We are trying to use dj_rest_auth to make social authentication, starting with Google auth, work on a site / app using a JWT token pair (access & refresh). Our attempted solution is as follows:
Goal: We are modifying the register & login API endpoints provided by dj_rest_auth to return our JWT custom token pair (as returned by the api/token endpoint), instead of the session key.
Possible options:
Option 1: Extend dj_rest_auth.registration.views.RegisterView with a CustomRegisterView, modifying the perform_create method to return the JWT token pair.
Option 2: Let dj_rest_auth.registration.views.RegisterView return the session key & let the token be in the cookie, but modify the token in the cookie to add the logic in our custom token serializer to add additional fields.
The above approaches will apply to LoginView as well.
Our questions:
Which of the above is better?
Our preference is for approach 1 - more consistent with our maintenance & use of tokens before social auth.
Is there any concern with the above option 1 - i.e. having register & login endpoints return the JWT token pair?
Assuming Option 1 - what is the best way to do it? We are trying to extend the RegisterView - but it’s unclear which method to extend to modify the output.
We have already extended the rest_framework_simplejwt.serializers.TokenObtainPairSerializer class to modify the get_token method to return additional fields we need in our token - and this is working with the /api/token endpoints. Is there a way to reuse the same Serializer or code?
Thank you.