[Django]-Django Rest Framework โ€“ Authentication credentials were not provided

146๐Ÿ‘

โœ…

Solved by adding โ€œDEFAULT_AUTHENTICATION_CLASSESโ€ to my settings.py

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
       'rest_framework.authentication.TokenAuthentication',
   ),
   'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAdminUser'
   ),
}
๐Ÿ‘คMarcos Aguayo

219๐Ÿ‘

If you are running Django on Apache using mod_wsgi you have to add

WSGIPassAuthorization On

in your httpd.conf. Otherwise, the authorization header will be stripped out by mod_wsgi.

๐Ÿ‘คRobert Kovac

45๐Ÿ‘

This help me out without โ€œDEFAULT_PERMISSION_CLASSESโ€ in my settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
    'PAGE_SIZE': 10
}
๐Ÿ‘คpony

25๐Ÿ‘

Just for other people landing up here with same error, this issue can arise if your request.user is AnonymousUser and not the right user who is actually authorized to access the URL. You can see that by printing value of request.user . If it is indeed an anonymous user, these steps might help:

  1. Make sure you have 'rest_framework.authtoken' in INSTALLED_APPS in your settings.py.

  2. Make sure you have this somewhere in settings.py:

     REST_FRAMEWORK = {
    
         'DEFAULT_AUTHENTICATION_CLASSES': (
             'rest_framework.authentication.TokenAuthentication',
             # ...
         ),
    
         # ...
     }
    
  3. Make sure you have the correct token for the user who is logged in.
    Basically, you need to do a POST request to a view which gives you the token if you provide the correct username and password. Example:

     curl -X POST -d "user=Pepe&password=aaaa"  http://localhost:8000/
    
  4. Make sure the view which you are trying to access, has these:

     class some_fancy_example_view(ModelViewSet): 
     """
     not compulsary it has to be 'ModelViewSet' this can be anything like APIview etc, depending on your requirements.
     """
         permission_classes = (IsAuthenticated,) 
         authentication_classes = (TokenAuthentication,) 
         # ...
    
  5. Use curl now this way:

     curl -X (your_request_method) -H  "Authorization: Token <your_token>" <your_url>
    

Example:

    curl -X GET http://127.0.0.1:8001/expenses/  -H "Authorization: Token 9463b437afdd3f34b8ec66acda4b192a815a15a8"
๐Ÿ‘คsherelock

20๐Ÿ‘

If you are playing around in the command line (using curl, or HTTPie etc) you can use BasicAuthentication to test/user your API

    REST_FRAMEWORK = {
        'DEFAULT_PERMISSION_CLASSES': [
            'rest_framework.permissions.IsAuthenticated',
        ],
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.BasicAuthentication',  # enables simple command line authentication
            'rest_framework.authentication.SessionAuthentication',
            'rest_framework.authentication.TokenAuthentication',
        )
    }

You can then use curl

curl --user user:password -X POST http://example.com/path/ --data "some_field=some data"

or httpie (its easier on the eyes):

http -a user:password POST http://example.com/path/ some_field="some data"

or something else like Advanced Rest Client (ARC)

๐Ÿ‘คlukeaus

17๐Ÿ‘

For me, I had to prepend my Authorization header with โ€œJWTโ€ instead of โ€œBearerโ€ or โ€œTokenโ€ on Django DRF. Then it started working.
eg โ€“

Authorization: JWT asdflkj2ewmnsasdfmnwelfkjsdfghdfghdv.wlsfdkwefojdfgh

๐Ÿ‘คkiko carisse

14๐Ÿ‘

I was having this problem with postman.Add this to the headersโ€ฆ
enter image description here

๐Ÿ‘คmikelus

12๐Ÿ‘

I too faced the same since I missed adding

authentication_classes = (TokenAuthentication)

in my API view class.

class ServiceList(generics.ListCreateAPIView):
    authentication_classes = (SessionAuthentication, BasicAuthentication, TokenAuthentication)
    queryset = Service.objects.all()
    serializer_class = ServiceSerializer
    permission_classes = (IsAdminOrReadOnly,)

In addition to the above, we need to explicitly tell Django about the Authentication in settings.py file.

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
   'rest_framework.authentication.TokenAuthentication',
   )
}
๐Ÿ‘คprashant

6๐Ÿ‘

Try this, it worked for me.

In settings.py

SIMPLE_JWT = {
     ....
     ...
     # Use JWT 
     'AUTH_HEADER_TYPES': ('JWT',),
     # 'AUTH_HEADER_TYPES': ('Bearer',),
     ....
     ...
}

Add this too

REST_FRAMEWORK = {
    ....
    ...
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    )
    ...
    ..
}
๐Ÿ‘คHarshit Gangwar

4๐Ÿ‘

Adding SessionAuthentication in settings.py will do the job

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ( 
        'rest_framework.authentication.SessionAuthentication',
    ),
}
๐Ÿ‘คAb1gor

2๐Ÿ‘

if anyone come here from Full Stack React & Django [5] โ€“ Django Token Authentication โ€“ Traversy Media So you need to something like this

accounts/api.py

from rest_framework import generics, permissions
from rest_framework.response import Response
from knox.models import AuthToken
from .serializers import LoginSerializer, RegisterSerializer, UserSerializer
from knox.auth import TokenAuthentication

# Register Api


class RegisterAPI(generics.GenericAPIView):
    serializer_class = RegisterSerializer

    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.save()
        return Response({
            "user": UserSerializer(user, context=self.get_serializer_context()).data,
            "token": AuthToken.objects.create(user)[1]
        })

# Login Api


class LoginAPI(generics.GenericAPIView):
    serializer_class = LoginSerializer

    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data
        return Response({
            "user": UserSerializer(user, context=self.get_serializer_context()).data,
            "token": AuthToken.objects.create(user)[1]
        })

# Get User Api


class UserAPI(generics.RetrieveAPIView):
    authentication_classes = (TokenAuthentication,)
    permission_classes = [
        permissions.IsAuthenticated,
    ]

    serializer_class = UserSerializer

    def get_object(self):
        return self.request.user
๐Ÿ‘คAkash Shendage

2๐Ÿ‘

In my case TokenAuthentication was missing

@authentication_classes([SessionAuthentication, BasicAuthentication])

I changed it to below and it worked

@authentication_classes([SessionAuthentication, BasicAuthentication, TokenAuthentication])
๐Ÿ‘คvishal kulkarni

1๐Ÿ‘

Since it is session Login so you need to provide you credentials
so do
127.0.0:8000/admin
admin and login later it will work fine

1๐Ÿ‘

If you are using authentication_classes then you should have is_active as True in User model, which might be False by default.

๐Ÿ‘คPiyush Jaiswal

1๐Ÿ‘

Also make sure that the Authorization Token / API key is actually valid. The Authentication credentials were not provided. error message seems to be whatโ€™s returned by the API if the key is invalid as well (I encountered this when I accidently used the wrong API key).

๐Ÿ‘คrecvfrom

0๐Ÿ‘

In case you are using a CDN, check that the CDN doesnโ€™t remove the request header when if forwards the request to your server.

๐Ÿ‘คmichael

0๐Ÿ‘

I added this in settings.py:

REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.TokenAuthentication',
    'rest_framework.authentication.SessionAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': [
    'rest_framework.permissions.IsAuthenticated',
],

}

and I created a superuser and created a token using:

python manage.py createsuperuser

and created a token using http://127.0.0.1:8000/admin/authtoken/tokenproxy/ and nothing else and it just worked.

0๐Ÿ‘

I had strange issue for this error.

I was getting Token correctly and was passing Authorization token correctly in Postman and was still getting this error

{"detail": "Authentication credentials were not provided."}

I searched it on internet and check many SO questions. But nothing worked.

Then i closed Postman application and restart it again then it worked. I had no idea why Postman was behaving like that.

Thankfully problem is solved ๐Ÿ™‚

๐Ÿ‘คAasim

0๐Ÿ‘

I had the same issue with postman and django backend. I used to use Bearer token but it started failing, I had to manually add the Authorization Header on Headers while prepending it with Token ie Token token

0๐Ÿ‘

Iโ€™d also add that for those looking to implement Token only authentication. Ensure that your ViewSetโ€™s have the "authentication_classes" attribute.

For example:

from rest_framework.authentication import TokenAuthentication

class TaskViewSet(viewsets.ModelViewSet):
     """
     Tasks for the current user. This endpoint allows tasks to be viewed or edited. 
     """
     queryset = Task.objects.all().order_by('-created_at')
     serializer_class = TaskSerializer
     authentication_classes = [TokenAuthentication]
     permission_classes = [permissions.IsAuthenticated]

This will bypass the requirement for the users Username and Password to be required in the sessions request.

๐Ÿ‘คKyle_K

Leave a comment