{"id":16420761,"url":"https://github.com/andrew-chen-wang/mobile-auth-example","last_synced_at":"2025-03-23T07:32:03.092Z","repository":{"id":37360796,"uuid":"244479592","full_name":"Andrew-Chen-Wang/mobile-auth-example","owner":"Andrew-Chen-Wang","description":"Native iOS and Android + Django Backend Server example for Auth using JWT","archived":false,"fork":false,"pushed_at":"2023-04-21T20:53:26.000Z","size":440,"stargazers_count":11,"open_issues_count":7,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-18T18:45:39.462Z","etag":null,"topics":["android","authentication","django","django-rest-framework","drf","ios","jwt","kotlin","login","sample","swift"],"latest_commit_sha":null,"homepage":"","language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Andrew-Chen-Wang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-02T21:30:43.000Z","updated_at":"2024-08-22T04:28:07.000Z","dependencies_parsed_at":"2024-10-28T15:28:35.703Z","dependency_job_id":"8462c4c8-3e5f-4769-b00b-a43947ab9305","html_url":"https://github.com/Andrew-Chen-Wang/mobile-auth-example","commit_stats":null,"previous_names":[],"tags_count":0,"template":true,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Andrew-Chen-Wang%2Fmobile-auth-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Andrew-Chen-Wang%2Fmobile-auth-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Andrew-Chen-Wang%2Fmobi
le-auth-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Andrew-Chen-Wang%2Fmobile-auth-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Andrew-Chen-Wang","download_url":"https://codeload.github.com/Andrew-Chen-Wang/mobile-auth-example/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245071943,"owners_count":20556352,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","authentication","django","django-rest-framework","drf","ios","jwt","kotlin","login","sample","swift"],"created_at":"2024-10-11T07:29:07.498Z","updated_at":"2025-03-23T07:32:02.793Z","avatar_url":"https://github.com/Andrew-Chen-Wang.png","language":"Swift","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sample Server + Mobile App JWT\n\nBy: Andrew Chen Wang\n\nCreated: 2 March 2020\n\nThis application contains the Django server running with DRF and SimpleJWT in order to demonstrate how apps should communicate with JWT (an access and refresh token).\n\nDetailed in each application is what I've done. PLEASE DO iOS development first and deploy your web app FIRST. Android local development is a pain in the bum... Just trust me and you can ignore some of those aforementioned weird XML stuff and just use your regular domain.\n\n---\n### Why use JWT?\n\nJWT authentication is widely accepted as a safer version of authentication for end users rather than constantly sending a username and password. 
In this demonstration, I'm keeping my tokens (on the mobiles) in their respective device's safe storage unit, widely known as a keychain.\n\nWe use JWTs in case our user is inside of an unsafe network. These JWTs are encrypted but do not contain the user's password or username. So even if a token is stolen, since everyone should be using an HTTPS server (please... for the love of god), the thief can only do so much with the limited amount of time the access token can have (default is 5 minutes).\n\nWhen implementing your own server, simply make sure you are using some basic security measures, such as using salted and hashed passwords (default in Django), sending reset password links to emails rather than allowing a reset directly through a view, and making sure you are not exposing ports by accident that can be susceptible to attacks.\n\nThose are some basics and only SOME of the vulnerabilities that any server should guard against.\n\n---\n### How to set up\n\n1. Clone or download this repository\n2. To run the server, create a virtual environment `virtualenv venv \u0026\u0026 source venv/bin/activate`, install packages `pip install -r requirements.txt` -- the requirements.txt file is inside the server subdirectory -- and do `python manage.py migrate \u0026\u0026 python manage.py runserver`.\n    - Again, make sure when you do this, you are inside the server directory on your terminal/cmd.\n    - On Windows, you should do `venv\\Scripts\\activate` instead of `source venv/bin/activate`\n3. To test on the mobiles, open either the `jwt-ios` or `jwt-android` subdirectory using their respective IDEs (iOS only works on Macs with Xcode! Android Studio works on any platform.).\n\nA default user with the username `test` and password `test` has been created.\n\n**When going into production (and testing for Android), you'll want to change the URLs in the code obviously. 
For Android, there are specific instructions on configuration for BOTH local and production.**\n\n---\n### FAQ\n\nWhy am I getting a 403 status code instead of a 401?\n- For some reason, you MUST have the SimpleJWT authentication set first in your iterable in the REST_FRAMEWORK setting, before SessionAuthentication (or whatever other backends you use).\n\nWhy the negativity against Android?\n- Deprecations, minSdks, steep learning curve (even for senior devs, it's still hard), outdated SO questions and tutorials, etc.\n- Also, there is this heavy push to have OAuth connection to Google when developing for Android... I'll get a new repo up for those wishing for that kind of integration, but it's one hell of a push by Google.\n- Deprecation. Deprecation. Deprecation. iOS is chill with this since the OS is proprietarily used for iOS only. If you want to put a mood meter for the iOS and Android dev subreddits, you'll see that Android breaks the meter.\n\n---\n### Technical Details\n\n- Django 3.0.3 and DRF 3.11.0 + SimpleJWT 4.4.0\n- Swift 5.1 for development\n- Android MinSDK 22 Target 29 Kotlin 1.3.70\n\n---\n### License\n\n```\nCopyright 2020 Andrew Chen Wang\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the 
License.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrew-chen-wang%2Fmobile-auth-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandrew-chen-wang%2Fmobile-auth-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrew-chen-wang%2Fmobile-auth-example/lists"}