Search code examples
djangodjango-rest-frameworkjwtjson-apidjango-rest-framework-jwt

JSON:API with django-rest-framework-json-api and JWT

I thought it might be a good idea to use the standard JSON:API for my new project. Unfortunately I immediately failed to get the JWT authentication working. My setup:

  • Django
  • Django REST framework
  • REST framework JWT Auth
  • Django REST Framework JSON API

If I get OPTIONS for my auth path:

{
    "data": {
        "name": "Obtain Json Web Token",
        "description": "API View that receives a POST with a user's username and password.\n\nReturns a JSON Web Token that can be used for authenticated requests.",
        "renders": [
            "application/vnd.api+json",
            "text/html"
        ],
        "parses": [
            "application/vnd.api+json",
            "application/x-www-form-urlencoded",
            "multipart/form-data"
        ],
        "allowed_methods": [
            "POST",
            "OPTIONS"
        ],
        "actions": {
            "POST": {
                "username": {
                    "type": "String",
                    "required": true,
                    "read_only": false,
                    "write_only": false,
                    "label": "Username"
                },
                "password": {
                    "type": "String",
                    "required": true,
                    "read_only": false,
                    "write_only": true,
                    "label": "Password"
                }
            }
        }
    }
}

If I then try to POST naively with Content-Type: application/vnd.api+json:

{
    "data": {
        "user": "user1",
        "password": "supersecretpw"
    }
}

I get 409 Conflict response:

{
    "errors": [
        {
            "detail": "The resource object's type (None) is not the type that constitute the collection represented by the endpoint (ObtainJSONWebToken).",
            "source": {
                "pointer": "/data"
            },
            "status": "409"
        }
    ]
}

How can I either retrieve the token correctly or use the above mentioned packages correctly?

Solution

  • Your payload is not a valid JSON API document. It must have a resource object or a collection of resource objects on data key. A resource object must have id and type members. Attributes should be represented as an attributes object on attributes key.

    The error reported seems to be related to missing type member. Therefore it assumes a type of None, which is "not the type that constitute the collection represented by the endpoint". The last part seems to be specific to Django REST Framework JSON API implementation.

    Please note that JSON API specification is agnostic about authentication, so it's up to your implementation. You don't have to use a JSON API resource object to represent credentials. Often JSON API is not used for auth related endpoints cause standards for authentication implemented or conventions established are suggesting another payload structure for this endpoints.