2

I am having some trouble authenticating requests to a Django REST endpoint. I have a token-auth URL which points towards rest_framework_jwt.views.obtain_jwt_token, e.g.:

urlpatterns = [
    path('token-auth/', obtain_jwt_token),
    path('verify-token/', verify_jwt_token),
    path('current_user/', CurrentUserView.as_view()),
]

where CurrentUserView is:

class CurrentUserView(APIView):
    def post(self, request):
        print(request.user)
        serializer = UserSerializer(request.user)
        return Response(serializer.data)

if I create a token in the browser by visiting http://localhost/token-auth/, I can then verify it using the command:

curl -X POST -H "Content-Type: application/json" -d '{"token":<MY_TOKEN>}' http://localhost/verify-token/

however the same request called to the http://localhost/current_user/ returns a 400 code:

curl -X POST -H "Content-Type: application/json" -d '{"token":<MY_TOKEN>}' http://localhost/current_user/

{"detail":"Authentication credentials were not provided."}

Framework settings are:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
}

And Django is being run in a container with the following Dockerfile:

FROM python:3
WORKDIR /code
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
COPY . .
ENV PYTHONUNBUFFERED=1
EXPOSE 8000
Improve this question

1 Answer 1

Reset to default
1

You should provide jwt token in your requests. here is the sample:

curl -X POST -H "Content-Type: application/json" -H "Authorization: jwt <MY_TOKEN>" http://localhost/current_user/

You are sending token by mistake in data section, instead you should provide it in Authorization header.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks @Reza. You were correct, the verify_jwt_token view requires the token to be sent as data, as I guess it is not an authentication method, but rather just a form response
any time my friend :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.