passing jwt secrets between django app and windmill via api
Hey all, i am trying to securely pass bearer tokens between my django app and windmill to authenticate API calls and create a hashed payload for data exchange. In my django app i am using python-jwt (import jwt). This doesnt seem to be compatible within windmill. Since jwt doesnt seem to be supported in Windmill, I tried creating a custom encode_jwt function in Windmill using hmac, hashlib, and base64 to match Django’s HS256 encoded JWTs. Despite this, the tokens still aren’t matching up as expected.
I know in the documentation there are specifics that need to be passed from the windmill side in the payload, I do have those listed as part of the payload referencing this doc. Is there a better way to do this? I can do it in params if needed...
After narrowing down, I think this might have to do with my middlware and how it's authorizing the call back from windmill to my django app. Maybe something to do with listing the user in windmill to then be authenticated as it comes into django. This would mean potentially setting up a windmill user model in my django database in order to be authenticated properly, i believe. I just cannot seem to bypass the "unauthorized header" piece that is set in my windmill script. Wondering if i'm just going about this incorrectly.
I know in the documentation there are specifics that need to be passed from the windmill side in the payload, I do have those listed as part of the payload referencing this doc. Is there a better way to do this? I can do it in params if needed...
After narrowing down, I think this might have to do with my middlware and how it's authorizing the call back from windmill to my django app. Maybe something to do with listing the user in windmill to then be authenticated as it comes into django. This would mean potentially setting up a windmill user model in my django database in order to be authenticated properly, i believe. I just cannot seem to bypass the "unauthorized header" piece that is set in my windmill script. Wondering if i'm just going about this incorrectly.
