| Availability | Odoo Online, Odoo.sh, On Premise |
| Lines of code | 232 |
| Technical Name | hb_jwt |
| License | LGPL-3 |
| Website | https://github.com/habibmhamadi/hb_jwt |
| Versions | 17.0 18.0 19.0 |
JWT Authentication
Secure API authentication with access tokens and refresh token rotation
Secure Token-Based Authentication
Modern JWT implementation for your Odoo APIs
- Industry-standard JWT (JSON Web Token) authentication with HS256 signing algorithm
- Refresh token rotation for enhanced security with automatic revocation of old tokens
- Password change detection to invalidate all existing tokens when credentials are updated
This module provides a complete JWT authentication system for your Odoo instance, allowing you to build secure mobile apps, external integrations, and API-first architectures with industry-standard token-based authentication.
Key Features
Everything you need for secure API access
Complete Authentication Flow
Full-featured authentication endpoints: login with credentials, refresh access tokens, logout individual sessions, and logout all user sessions. Supports CORS out of the box.
Protected Endpoints
Built-in `/api/me` endpoint that validates JWT tokens and returns authenticated user information. Easy to extend for your custom API endpoints.
Configurable Security
Adjustable token expiration times via system parameters. Default 15-day access tokens and 30-day refresh tokens with secure token rotation.
Token Tracking
Stores refresh tokens with user agent, IP address, expiration dates, and rotation history. Complete audit trail for security monitoring.
API Endpoints
Ready-to-use authentication infrastructure
POST /api/auth/login
Authenticate with login/password. Returns access token and refresh token.
POST /api/auth/refresh
Rotate refresh token and get new access token. Automatically revokes old token.
POST /api/auth/logout
Revoke a specific refresh token and end that session.
POST /api/auth/logout_all
Revoke all refresh tokens for the authenticated user. Requires valid access token.
GET /api/me
Protected endpoint that returns authenticated user information. Requires Bearer token.
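The rotation and revocation behaviour behind `/api/auth/refresh`, `/api/auth/logout` and `/api/auth/logout_all` can be modelled with an in-memory store. This is an added example, not code from hb_jwt: the class, method and field names are hypothetical, and storing only a SHA-256 digest of each refresh token is an assumption of the example rather than something the page states.

```python
import hashlib
import secrets
import time

REFRESH_TTL = 30 * 24 * 3600  # 30-day refresh default stated on the page


class RefreshStore:
    """In-memory stand-in for a refresh-token table (hypothetical names)."""

    def __init__(self):
        self.rows = {}  # sha256(token) -> record

    @staticmethod
    def _digest(token):
        # Assumption: keep only a hash so a leaked table yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, ip, user_agent, now=None, parent=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.rows[self._digest(token)] = {
            "user_id": user_id, "ip": ip, "user_agent": user_agent,
            "expires_at": now + REFRESH_TTL, "revoked": False,
            "rotated_from": parent,  # rotation history: digest of the predecessor
        }
        return token

    def rotate(self, token, ip, user_agent, now=None):
        """Exchange a refresh token for a new one and revoke the old one."""
        now = time.time() if now is None else now
        key = self._digest(token)
        row = self.rows.get(key)
        if row is None or row["revoked"] or row["expires_at"] <= now:
            return None  # unknown, already rotated or revoked, or expired
        row["revoked"] = True
        return self.issue(row["user_id"], ip, user_agent, now, parent=key)

    def revoke(self, token):
        """Single-session logout."""
        row = self.rows.get(self._digest(token))
        if row:
            row["revoked"] = True

    def revoke_all(self, user_id):
        """logout_all or password change: end every live session of the user."""
        live = [r for r in self.rows.values()
                if r["user_id"] == user_id and not r["revoked"]]
        for row in live:
            row["revoked"] = True
        return len(live)
```

A refresh token that has already been rotated fails the `revoked` check, so a copy captured before rotation cannot be exchanged again.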
Technical Details
- Author: Habib Mhamadi
- Website: https://github.com/habibmhamadi/hb_jwt
- License: LGPL-3
- Category: Technical
Requirements
- Odoo 17.0+
- PyJWT Python package (installed via pip)
Installation
Install PyJWT first:
pip install PyJWT