I am having some trouble authenticating requests to a Django REST endpoint. I have a token-auth URL which points towards rest_framework_jwt.views.obtain_jwt_token, e.g.:
urlpatterns = [
path('token-auth/', obtain_jwt_token),
path('verify-token/', verify_jwt_token),
path('current_user/', CurrentUserView.as_view()),
]
where CurrentUserView is:
class CurrentUserView(APIView):
def post(self, request):
print(request.user)
serializer = UserSerializer(request.user)
return Response(serializer.data)
if I create a token in the browser by visiting http://localhost/token-auth/, I can then verify it using the command:
curl -X POST -H "Content-Type: application/json" -d '{"token":<MY_TOKEN>}' http://localhost/verify-token/
however the same request called to the http://localhost/current_user/ returns a 400 code:
curl -X POST -H "Content-Type: application/json" -d '{"token":<MY_TOKEN>}' http://localhost/current_user/
{"detail":"Authentication credentials were not provided."}
Framework settings are:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
And Django is being run in a container with the following Dockerfile:
FROM python:3
WORKDIR /code
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
COPY . .
ENV PYTHONUNBUFFERED=1
EXPOSE 8000
You should provide jwt token in your requests. here is the sample:
curl -X POST -H "Content-Type: application/json" -H "Authorization: jwt <MY_TOKEN>" http://localhost/current_user/
You are sending token by mistake in data section, instead you should provide it in Authorization header.