
Where to put Django OAuth Toolkit middleware in Django 2?


I'm trying to follow a tutorial on the Django OAuth Toolkit: https://django-oauth-toolkit.readthedocs.io/en/latest/tutorial/tutorial_03.html. The instructions say to update the MIDDLEWARE as follows:

MIDDLEWARE = (
    '...',
    # If you use SessionAuthenticationMiddleware, be sure it appears before OAuth2TokenMiddleware.
    # SessionAuthenticationMiddleware is NOT required for using django-oauth-toolkit.
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'oauth2_provider.middleware.OAuth2TokenMiddleware',
    '...',
)

In my current project generated using startproject in Django 2.0.1, however, I see both SessionMiddleware and AuthenticationMiddleware, but no SessionAuthenticationMiddleware:

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    # 'oauth2_provider.middleware.OAuth2TokenMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

Where should I put the OAuth2TokenMiddleware? After AuthenticationMiddleware as in the commented-out line?


Solution

  • The SessionAuthenticationMiddleware class has been removed - session authentication was unconditionally enabled in 1.10.

    (see: https://docs.djangoproject.com/en/2.0/releases/2.0/#miscellaneous)

    i.e. yes, it should come after AuthenticationMiddleware
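
A settings check for the ordering described in the answer above, as an added example that is not part of the original post or of django-oauth-toolkit. The function name `check_middleware` and the sample lists are hypothetical and constructed for illustration; the check assumes that an entry which is absent is simply not in use.

```python
# Added example, not from the original post: lint a Django MIDDLEWARE setting
# for the two issues discussed in this thread.
AUTH = "django.contrib.auth.middleware.AuthenticationMiddleware"
SESSION = "django.contrib.sessions.middleware.SessionMiddleware"
OAUTH = "oauth2_provider.middleware.OAuth2TokenMiddleware"
REMOVED = "django.contrib.auth.middleware.SessionAuthenticationMiddleware"


def check_middleware(middleware):
    """Return a list of problem strings; an empty list means the order is fine."""
    entries = list(middleware)
    problems = []
    if REMOVED in entries:
        problems.append("remove SessionAuthenticationMiddleware (gone in Django 2.0)")

    def require_order(first, second):
        # Only compare positions when both entries are actually configured.
        if first in entries and second in entries:
            if entries.index(first) > entries.index(second):
                problems.append(f"{second} must come after {first}")

    require_order(SESSION, AUTH)   # AuthenticationMiddleware reads request.session
    require_order(AUTH, OAUTH)     # placement given in the answer above
    return problems


# Constructed inputs based on the settings quoted in the question.
FIXED = [
    "django.middleware.security.SecurityMiddleware",
    SESSION,
    "django.middleware.csrf.CsrfViewMiddleware",
    AUTH,
    OAUTH,
]
TOKEN_FIRST = [SESSION, OAUTH, AUTH]              # OAuth2TokenMiddleware placed too early
TUTORIAL_STYLE = [SESSION, AUTH, REMOVED, OAUTH]  # still lists the removed class

if __name__ == "__main__":
    for name, value in [("FIXED", FIXED), ("TOKEN_FIRST", TOKEN_FIRST),
                        ("TUTORIAL_STYLE", TUTORIAL_STYLE)]:
        print(name, check_middleware(value) or "ok")
```

Calling `check_middleware(settings.MIDDLEWARE)` from a unit test or a startup check catches a later reorder of the list before it changes how requests are authenticated.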