Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWTCookieAuthentication and SessionAuthentication not working together. #235

Open
haccks opened this issue Mar 17, 2021 · 5 comments
Open

JWTCookieAuthentication and SessionAuthentication not working together. #235

haccks opened this issue Mar 17, 2021 · 5 comments

Comments

@haccks
Copy link

haccks commented Mar 17, 2021
edited
Loading

I am using both of these authentication classes in settings.py file as DEFAULT_AUTHENTICATION_CLASSES.

'DEFAULT_AUTHENTICATION_CLASSES': [
        'dj_rest_auth.jwt_auth.JWTCookieAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ],

With this setting if I use browsable API then I get this error:

HTTP 401 Unauthorized
Allow: POST, OPTIONS
Content-Type: application/json
Vary: Accept
WWW-Authenticate: Bearer realm="api"

{
    "detail": "Given token not valid for any token type",
    "code": "token_not_valid",
    "messages": [
        {
            "token_class": "AccessToken",
            "token_type": "access",
            "message": "Token has wrong type"
        }
    ]
}
@NPGiorgi
Copy link

NPGiorgi commented Mar 21, 2021
edited
Loading

Not sure if this is the best way, but to my understanding for some reason the Login API is requesting credentials. My solution was to override the default class and remove any authentication requirements.

from dj_rest_auth.views import LoginView

class Login(LoginView):
    authentication_classes = []

And in the urls file

# ...

urlpatterns = [
    path("auth/login/", core_api.Login.as_view()),
    path("auth/", include("dj_rest_auth.urls")),
]

# ...

@johnckealy
Copy link

I found that I can get this to work only if I use DRF's Token Authentication as well:

    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
        'dj_rest_auth.jwt_auth.JWTCookieAuthentication'
    ),

I think Simple JWT must rely on this code to work.

@LennyLip
Copy link

LennyLip commented Jun 9, 2021
edited
Loading

It seems this app can work with JWT Token or DRF Token Auth only. If I tried to use DRF SessionAuthentication only I got server errors.

REST_USE_JWT = False

...
'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
    ),
...

INSTALLED_APPS = [
    ...
    'rest_framework',
    #'rest_framework.authtoken'
]

error:


File "/usr/local/lib/python3.7/dist-packages/dj_rest_auth/views.py" in post
  127.         self.login()

File "/usr/local/lib/python3.7/dist-packages/dj_rest_auth/views.py" in login
  79.                 self.serializer,

File "/usr/local/lib/python3.7/dist-packages/dj_rest_auth/utils.py" in default_create_token
  16.     token, _ = token_model.objects.get_or_create(user=user)

Exception Type: AttributeError at /api/v1/profiles/rest-auth/login/
Exception Value: type object 'Token' has no attribute 'objects'

Related issue #161

@haccks
Copy link
Author

haccks commented Jun 15, 2024

I am still facing this problem with version 5.1.0. Any workaround?

@haccks
Copy link
Author

haccks commented Jun 20, 2024

I am not sure why, but switching the order of these classes seem to work for now

'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.SessionAuthentication',
        'dj_rest_auth.jwt_auth.JWTCookieAuthentication',
    ],

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@LennyLip @haccks @NPGiorgi @johnckealy