// the find
jpadilla/django-rest-framework-jwt
JSON Web Token Authentication support for Django REST Framework
JWT authentication backend for Django REST Framework. Drop-in package that adds token obtain/refresh/verify endpoints and a custom authentication class. Officially unmaintained as of the README's own notice — the author pointed to alternatives years ago.
Clean integration with DRF's authentication backend protocol — just add `JSONWebTokenAuthentication` to `DEFAULT_AUTHENTICATION_CLASSES` and you're done. Configurable via `JWT_AUTH` settings dict: expiry, algorithm, audience, secret — reasonable defaults throughout. Includes a `test.py` helper for generating tokens in tests, which most auth packages skip. Small surface area — under 10 source files, easy to read and understand completely.
Unmaintained since at least 2022, targeting Django 1.8–1.11 and Python 2.7/3.3–3.6 — all of which are end-of-life. No token blacklisting or revocation mechanism, so logout is a client-side fiction. No refresh token rotation, which is a security gap for anything beyond throwaway sessions. The maintainer explicitly tells you to use something else in issue #484 — `simple-jwt` is the obvious successor and is actively maintained.
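The "logout is a client-side fiction" point, shown as an added example that is not code from django-rest-framework-jwt or any successor package: a stdlib-only HS256 check (signature and expiry) keeps accepting a token after the user logs out, while a server-side denylist keyed on a `jti` claim rejects it. The names `issue`, `verify_stateless` and `Denylist`, the secret, and the `jti` scheme are hypothetical and constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed value for this example only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(user: str, jti: str, ttl: int, now: float) -> str:
    """Build an HS256 token carrying sub, jti and exp claims."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "jti": jti, "exp": int(now) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_stateless(token: str, now: float):
    """Signature + expiry only: the server keeps no record of logouts."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return None
    return claims if claims.get("exp", 0) > now else None

class Denylist:
    """Server-side revocation: remember revoked jti values until they expire."""
    def __init__(self):
        self._revoked = {}  # jti -> exp

    def revoke(self, claims: dict):
        self._revoked[claims["jti"]] = claims["exp"]

    def verify(self, token: str, now: float):
        # Drop entries whose token has expired anyway, so the list stays small.
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}
        claims = verify_stateless(token, now)
        if claims is None or claims["jti"] in self._revoked:
            return None
        return claims
```

The denylist only needs to hold an entry until that token's `exp`, so its size is bounded by the token lifetime.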