378 questions
1
vote
2
answers
100
views
Upgrading Django to 5.2.7 causing error wth rest_framework_simplejwt as django.utils.timezone is depreciated
I am upgrading my Django project to v5.2.7.
After installing requirements.txt with the upgraded versions of all libraries, I ran the command to validate the code
python manage.py check
But it is ...
- 125
0
votes
1
answer
72
views
Django + SimpleJWT: Access tokens sometimes expire immediately ("credentials not provided") when calling multiple endpoints
I’m building a Vue 3 frontend (deployed on Vercel at example.com) with a Django REST Framework backend (deployed on Railway at api.example.com).
Authentication uses JWT access/refresh tokens stored in ...
0
votes
2
answers
176
views
How to secure a refresh token in a JWT system when it's sent as an httpOnly cookie
In my React + Django project, I’m currently sending the refresh token as an HttpOnly cookie. The problem with HttpOnly cookies is that they are automatically sent by the browser, which makes them ...
- 9
1
vote
1
answer
145
views
ModuleNotFoundError: No module named 'rest_framework_simplejwt'. I have tried the methods listed in other posts
I am building an authentication system with the JWT token. I have done pip install djangorestframework-simplejwt and pip install --upgrade djangorestframework-simplejwt in my virtual environment. This ...
- 11
0
votes
0
answers
50
views
How is jwt protected from XSS ? and why not use IP with the JWT hash?
I am creating my 1st django-react application, but i got stuck on the login process.
Currently i am using simplejwt, while i can keep the access token inside react state, the refresh token has to be ...
- 11
0
votes
0
answers
23
views
Duplicate backend requests for no specific reason w/djangorestframework-simplejwt and angular
I've got a backend authentication using django rest framework simplejwt
When I make request to it in angular I notice that 2 requests are made instead of one, for example you can look at this:
...
0
votes
0
answers
48
views
Django REST Framework , How to securely log out?
The classic issue of browser cache and back navigation button.
How can I make all necessary actions in backend that client can successfully log out?
I have implemented simplejwt token to http cookies, ...
- 3
0
votes
0
answers
75
views
Django Simple JWT + Axios, always getting 401. How can I fix this?
I’m using Nuxt and a pinia store to store the token (the token is present in the store). I've created a plugin for Axios as follows:
import axios from "axios";
export default ...
0
votes
1
answer
142
views
Is this djoser implementation secure?
This question may be too broad for StackOverflow, but I'm not sure where else to go for help.
I wrote a simple authentication system in Django with Djoser and its JWT implementation, using jQuery on ...
- 899
0
votes
1
answer
79
views
auth cookie not sent from browser to django backend
I have a Django backend that uses allauth and simplejwt (both provided by dj-rest-auth) for authentication. When I make API requests using an API client (Bruno), my auth cookies containing JWT tokens ...
- 129
0
votes
0
answers
85
views
SimpleJWT: Re-apply Blacklist Token Migration: "Table 'token_blacklist_blacklistedtoken' doesn't exist"
I have, rather sillily, run "python manage.py migrate --fake" when I added Django SimpleJWT's token blacklist functionality to my program. This means whenever I try to generate tokens or use ...
- 75
0
votes
0
answers
37
views
Unable to make authentication of views with Simple JWT in Django REST framework working
Thank you for looking at this question:
I have already spent so many hours trying to authenticate DRF views using Simple JWT. Can anybody look at my code and tell me what is wrong?
Settings:
"...
- 15
1
vote
0
answers
26
views
Can you handle all client interactions within a server action in Nextjs? How do get cookie-authentication working
Context
I am using django-rest-framework with simple-jwt authentication configured with a NextJS/React frontend, and when making a request to my django server from a react server component, I realised ...
0
votes
1
answer
99
views
Simple JWT TokenRefreshView: response has two types
I'm having trouble accessing the data attribute on a Response object in Django Rest Framework after refreshing the access token.
factory = APIRequestFactory()
new_request = factory.post(
"/api/...
- 63
1
vote
0
answers
69
views
Django Framework CSRF verification failed with 403 Forbidden error. Request aborted for non-HTML python script
I am using Django Framework with DRF to generate APIs at the backend. I am using python script as an standalone windows based application to retrieve and send data to the backend server which is ...
- 21
1
vote
1
answer
105
views
Why is POST request to /api/posts/ returning 401 Unauthorized in Django DRF despite valid token in Axios headers?
Problem:
I'm facing an issue with a 401 Unauthorized response when making a POST request to /api/posts/ in my Django Rest Framework (DRF) backend from a React frontend. The Axios instance in React ...
- 11
1
vote
2
answers
795
views
Unauthorized response to POST request in Django Rest Framework with Simple JWT
I am doing a project with REST API and Django Rest Framework. I currently have an issue in my post request where some of my endpoints return HTTP 401 Unauthorized, though all other get or update ...
- 35
0
votes
0
answers
58
views
How check if user is logged in on server side React, Django, JWT
I have set up authorization using the JWT token. Now I want to give the user access to the protected view, which requires authorization.
class GetUser(APIView):
authentication_classes = [...
-1
votes
3
answers
89
views
Call Api with special character in url
I have tried call API From FE with API is: http://localhost/search?userName=...
get(endpoint: string, responseType = 'json', params: HttpParams = null): Observable<any> {
let url = this....
- 9
0
votes
1
answer
67
views
JWT authentication keeping user session alive indefintely
I am recently implemented some authentication with auth and refresh token. I know that if the auth token expires, it will automatically fetch a new one from auth service with the refresh token. ...
- 27
-1
votes
1
answer
700
views
I'm using simple JWT for authentication in DRF project. when i try to access that api it showing bad_authorization_header
I am using simple jwt for my django rest framework project. I tried accessing using barrier token in postman it shows this error
{
"detail": "Authorization header must contain two ...
- 151
1
vote
1
answer
217
views
drf and simplejwt error in coreapi : None type object has no attribute 'Field'
I have DRF project documented with drf_yasg and validator rest framework simple jwt.
File "C:\Users\ASUS\OneDrive\Desktop\django\Django-Advance\core\accounts\api\v1\urls\accounts.py", line 5,...
- 43
0
votes
0
answers
79
views
Authentication method for Django rest framework to mitigate XSS and CSRF attacks
I am using the Django Rest Framework for my backend and React for my front, and they are served in different domains and subdomains, and now I am completely confused about what I should do to secure ...
- 15
0
votes
1
answer
654
views
Django JWT authentication TokenObtainPairView issue
I am trying to use CustomTokenObtainPairView to receive my username in token.
views:
if user.check_password(password):
# refresh = RefreshToken.for_user(user)
# refresh....
- 23
0
votes
1
answer
43
views
Error while trying to connect Django With ReactNative
I am building a React Native app with Django as the backend. I have set up the login screen in React Native and configured JWT authentication with rest_framework_simplejwt in Django. However, I ...
- 25
0
votes
2
answers
302
views
How do you hide "BlacklistedToken" and "OutstandingToken" from django admin panel?
After I added the JWT functionality to my REST apis built using djangorestframework, I have noticed these two models (BlacklistedToken and OutstandingToken) on my django admin panel that in the django ...
- 186
0
votes
0
answers
26
views
How to implement a mobile_no to be passed inorder to access tokens and not the default username and password
I'm not using password, by default simplejwt requires a default user so it prompts me for username, password and mobile_no - but I only want to user mobile no.
I tried to override the ...
0
votes
0
answers
344
views
ModuleNotFoundError: No module named 'rest_framework_simplejwt'
I am experiencing an issue with rest_framework_simplejwt when I try to run migrations in my Django project. The error I encounter is:
ModuleNotFoundError: No module named 'rest_framework_simplejwt'
I ...
0
votes
2
answers
154
views
How to customize the message for inactive user in Djoser?
I am working on a Django project and I am using Djoser as my auth library. However, when a user is trying to create a jwt token it returns
{
"detail": "No active account found with ...
- 53
0
votes
1
answer
669
views
Simple JWT says sometimes "Token is invalid or expired" and sometimes gives correct output
I have a Django REST backend configured Simple-JWT solution. About 2/3 of the requests return #
{"detail":"Given token not valid for any token type","code":"...
- 82
0
votes
3
answers
1k
views
How to Store JWT Token for SSR in Next.js 14 Without Using localStorage?
I am facing an issue with storing a JWT token in Next.js 14. I want to load a page using SSR, but localStorage is not supported in server-side components. My scenario is as follows: after logging in, ...
0
votes
1
answer
36
views
How can I access the request user in a Django REST Framework serializer?
I'm currently working on a Django project and using Djoser for user authentication. where I need to access the request user within a serializer.
class TokenRefreshSerializer(serializers.Serializer):
...
- 21
0
votes
1
answer
49
views
In django DRF using JWT, why does postman properly block access to some views but they are available from my Angular front-end without authentication?
I’m trying to restrict access to some views of my API using Django Rest Framework and simpleJWT https://django-rest-framework-simplejwt.readthedocs.io/
The issue I’m facing is that postman correctly ...
- 1
0
votes
1
answer
957
views
Getting 401 unauthorised when trying to access JWT authenticated page in Django even after generating token
I'm a student trying to teach myself JWT authentication. I created a basic log in page and after logging in the user should see a welcome page that says Welcome {username}.
However even after logging ...
0
votes
2
answers
244
views
"detail": "Authentication credentials were not provided." when trying to access list view as admin. Django REST framework
I have this simple view I built using Django REST framework:
class ProductListCreateAPIView(
StaffEditorPermissionMixin,
generics.ListCreateAPIView):
queryset = Product.objects....
1
vote
0
answers
203
views
Error in setting SIGNING_KEY in djangorestframework-simplejwt
It's a bit odd! I have separated the base settings from the local settings. For instance, I moved SECRET_KEY into an other file called local.py as my local settings:
SECRET_KEY = env(
"...
- 470
0
votes
0
answers
40
views
NoReverseMatch at /api/login/social/jwt-pair/
I was following the documentation on drf social auth https://github.com/st4lk/django-rest-social-auth/tree/master
I've encountered an issue while working with Django-Rest-Social-Auth and Simple-JWT. ...
- 23
1
vote
1
answer
642
views
simpleJWT and dj-rest-auth Cookie based authorization
Between dj-rest-auth and simpleJWT I have been able to send the set-cookie messages, store the cookies in the browser, and send them back with each request (Axios' with credentials = true), but it ...
- 66
1
vote
2
answers
505
views
Overriding DRF settings for tests
I'm using Python 3.9, Django 3.2, DRF 3.12.4. I'm adding JWT authentication method using simple JWT. To test my auth method, I need to set
"DEFAULT_AUTHENTICATION_CLASSES": (
"...
- 13
1
vote
0
answers
67
views
Django Rest Auth's JWT Cookies are not saved on Mac
I am new to Django, and I am creating an API using Django Rest Framework (3.14.0), dj-rest-auth (5.0.2) and simplejwt (5.3.1). CORS is being handled by django-cors-headers (4.3.1), and the middleware ...
- 66
0
votes
2
answers
235
views
How to customize the default Token invalid json response in django for JWTAuthentication
In my django rest app i like to change the default error response from JWTAuthentication. Currently my application is using JWT With django to work on login and logout (which blacklists the token). ...
- 1,205
2
votes
3
answers
4k
views
Django Refresh Token Rotation and User Page Refresh
I'm using Django simple JWT to implement user authentication, I have done few adjustments so the access token and refresh token are sent as http-only cookies and everything works well
On the frontend ...
- 94
0
votes
1
answer
196
views
jwt token is not working with custom user
Hi I want to implement jwt login method in django rest framework.
Below are the libraries I use.
asgiref 3.7.2
Django 5.0
django-debug-toolbar 4.2.0
djangorestframework 3.14.0
djangorestframework-...
- 138
0
votes
0
answers
362
views
Token Expiry based on user inactivity
So I am using django rest framework, and i am using simple jwt for token authentication, and i want to implement this (if the user hasn't been active on the website for 30 min then the token should ...
- 33
0
votes
2
answers
150
views
DRF post request test failing because a custom permission is stating that the "owner_id" field (custom field) does not match the authenticated user id
I'm starting to write tests for my endpoint, "categories/", and I can't get past a custom permission that I have added to the view that is being tested. In this permission, it checks the ...
- 3
0
votes
0
answers
2k
views
How to handle expired token in next js middleware?
I am using cookies and jwt to authenticate my user and also protect my route in nextjs. Everything seems fine but when the token get expired the system take me to the login page to login again. But ...
2
votes
0
answers
219
views
Can I use `JWTStatelessUserAuthentication` instead of `JWTAuthentication` in my Django project, even without multiple applications?
I'm currently working on a Django project, and I'm exploring the use of authentication mechanisms provided by Simple-JWT. In the documentation, I noticed the option of using ...
- 21
1
vote
0
answers
118
views
Getting an Invalid Credentials error in my Django login endpoint after access token has expired
I am using djangorestframework-simplejwt to configure authentication for my django app. I have configured a login view to authenticate a user with an email and password and I have a login endpoint to ...
0
votes
1
answer
131
views
Issue with Database Queries in Authenticated Django API Calls Despite JWT Verification
Each time an authorized API call is made using a bearer token (specifically a simple JWT), a database query is executed to retrieve user details, even though JWT Authentication is supposed to ...
- 21
0
votes
1
answer
180
views
axiosInstance raise error ->( Invalid token specified) -> after update -> user profile information ? why ? please solve it
in windows 10 , i'm using react-router-dom 5.2.0 and react-redux 7.2.5 and react 17.0.2 and axios 0.21.4 and WebStorm 2023.1.3 IDE and PyCharm Community Edition 2023.2 and djangorestframework==3.14.0 ...
