@@ -25,47 +25,72 @@ <h3>Authentication</h3>
2525 workouts, you need to authenticate.</ p >
2626
2727 < h5 > JWT Authentication</ h5 >
28+ < p >
29+ This is the suggested way. You generate a temporary token which you send in
30+ the header with each request that needs authorization
31+ </ p >
2832
33+ < h6 > 1. Get the tokens</ h6 >
34+ < p >
35+ Send your username and password to the < code > /api/v2/token</ code >
36+ endpoint, you will get an < code > access</ code > and a < code > refresh</ code > token
37+ back.
38+ </ p >
39+ < pre >
40+ result = requests.post(
41+ 'https://wger.de/api/v2/token',
42+ data={'username': 'user', 'password': 'admin'}
43+ )
44+ access_token = result.json()['access']
45+ refresh_token = result.json()['refresh']
46+
47+ print(result.json())
48+ > > > {'refresh': 'eyJhbGciOiJIUzI1...', 'access': 'eyJhbGciOiJIUzI...'}
49+ </ pre >
50+
51+ < h6 > 2. Authenticate</ h6 >
2952 < p >
30- This is the suggested way. Generate an access token from the < code > /token/</ code >
31- endpoint. Send a username and password, and you will get the < code > access</ code > token
32- which you can use to access the private endpoints.
53+ Pass the access token in the Authorization header as < code > "Bearer: your-token"</ code >
3354 </ p >
3455 < pre >
35- curl \
36- -X POST \
37- -H "Content-Type: application/json" \
38- -d '{"username": "example_username", "password": "example_password "}' \
39- https://wger.de/api/v2/token/
40-
41- ...
42- {
43- "access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNDU2LCJqdGkiOiJmZDJmOWQ1ZTFhN2M0MmU4OTQ5MzVlMzYyYmNhOGJjYSJ9.NHlztMGER7UADHZJlxNG0WSi22a2KaYSfd1S-AuT7lU",
44- "refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4"
45- }
56+ result = requests.get(
57+ 'https://wger.de/api/v2/workout/',
58+ headers={'Authorization': f'Bearer {access_token}'}
59+ )
60+
61+ print(result.json())
62+ > > > {'count': 5, 'next': None, 'previous': None, 'results': [{'id':.....
4663</ pre >
4764
4865 < p >
49- Additionally, you can send an access token to < code > /token/verify/ </ code >
50- endpoint to verify that token .
66+ Additionally, you can send the access token to < code > /token/verify</ code >
67+ endpoint to verify it .
5168 </ p >
5269
70+ < pre >
71+ result = requests.post('https://wger.de/api/v2/token/verify', data={'token': access_token})
72+ </ pre >
73+
74+ < h6 > 3. Refresh</ h6 >
5375 < p >
5476 When this short-lived access token expires, you can use the longer-lived
5577 < code > refresh</ code > token to obtain another access token.
78+ </ p >
5679 < pre >
57- curl \
58- -X POST \
59- -H "Content-Type: application/json" \
60- -d '{"refresh":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImNvbGRfc3R1ZmYiOiLimIMiLCJleHAiOjIzNDU2NywianRpIjoiZGUxMmY0ZTY3MDY4NDI3ODg5ZjE1YWMyNzcwZGEwNTEifQ.aEoAYkSJjoWH1boshQAaTkf8G3yn0kapko6HFRt7Rh4"}' \
61- https://wger.de/api/v2/token/refresh/
62-
63- ...
64- {"access":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3BrIjoxLCJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiY29sZF9zdHVmZiI6IuKYgyIsImV4cCI6MTIzNTY3LCJqdGkiOiJjNzE4ZTVkNjgzZWQ0NTQyYTU0NWJkM2VmMGI0ZGQ0ZSJ9.ekxRxgb9OKmHkfy-zs1Ro_xs1eMLXiR17dIDBVxeT-w"}
80+ result = requests.post(
81+ 'https://wger.de/api/v2/token/refresh/',
82+ data={'refresh': refresh_token}
83+ )
84+ token = result.json()
85+
86+ print(token)
87+ > > > {'access': 'eyJhbGciOiJI...'}
88+
6589</ pre >
6690
67- < h5 > Token</ h5 >
91+ < h5 > Permanent Token</ h5 >
6892 < p >
93+ Note that this method is not recommended.
6994 You can also pass a permanent token in the header to authenticate, but this
7095 method should be considered deprecated. If you want to generate a token
7196 < a href ="{% url 'core:user:api-key' %} "> use this page</ a > .
0 commit comments