30👍
Assuming you’re trying to use TokenAuthentication, the header should look like this:
Authorization: Token 6d82549b48a8b079f618ee9c51a6dfb59c7e2196
As described in the documentation.
115👍
Just in case anyone else comes across this error. This can also happen if you are running Django on Apache using mod_wsgi because the authorization header is stripped out by mod_wsgi. You’ll need to add the following to your VirtualHost configuration:
WSGIPassAuthorization On
- [Django]-How to check Django version
- [Django]-The view didn't return an HttpResponse object. It returned None instead
- [Django]-Is there a function for generating settings.SECRET_KEY in django?
20👍
I was having the same trouble with my Token Authentication
This fixed the problem to me
settings.py
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAdminUser'
),
'PAGINATE_BY': 10,
}
- [Django]-Folder Structure for Python Django-REST-framework and Angularjs
- [Django]-Django Admin Form for Many to many relationship
- [Django]-Trying to migrate in Django 1.9 — strange SQL error "django.db.utils.OperationalError: near ")": syntax error"
8👍
In my case this works:
(Django REST Framework v3)
settings.py
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
}
views.py
class Test(APIView):
def get(self, request, format=None):
return Response({'Result': 'OK'})
urls.py
router.add_api_view('test', url(r'^test/', views.Test.as_view(),name='test'))
Don’t forget to send the token information in the header:
Key: Authorization
Value: Token 76efd80cd6849ad7d35e04f1cc1eea35bdc20294
To generate tokens you can use the following (somewhere in your code):
from rest_framework.authtoken.models import Token
user = User.objects.get(username='<username>')
token = Token.objects.create(user=user)
print(token.key)
- [Django]-How do I include related model fields using Django Rest Framework?
- [Django]-Django serializer Imagefield to get full URL
- [Django]-Determine variable type within django template
2👍
For those who are on AWS elastic beanstalk and you are kind of stuck with apache and unless you have
WSGIPassAuthorization On
As mentioned by @Fiver your headers get stripped
Instead of manually fixing this and making a new image, I made a script that checks if the last line of the conf file is WSGIPassAuthorization On and if it is not we update it and restart the server
In my Django app I have a config folder with my sh file
configs/server/update-apache.sh
if [[ $(tac /etc/httpd/conf/httpd.conf | egrep -m 1 .) == $(echo 'WSGIPassAuthorization On') ]];
then
echo "Httpd.conf has already been updated"
else
echo "Updating Httpd.conf.."
echo 'WSGIPassAuthorization On' >> /etc/httpd/conf/httpd.conf
service httpd restart
fi
Make it excecutable before I commit it to git
chmod +x configs/server/update-apache.sh
Then in my python.config file I add the command at the end
.ebextensions/python.config
...
...
container_commands:
01_migrate:
command: "python manage.py migrate"
leader_only: true
02_collectstatic:
command: "python manage.py collectstatic --noinput"
03_change_perm:
command: "chown -R wsgi:root static"
03_update_apache:
command: "sh configs/server/update-apache.sh"
Now any new machine that starts up will have a check done to see if the server is updated and does so if need be
- [Django]-Django model object with foreign key creation
- [Django]-How do I get all the variables defined in a Django template?
- [Django]-Atomic increment of a counter in django
0👍
I got bitten by a related issue, sharing the solution in case it’s useful to anyone. Our test servers require HTTP Basic Auth for the whole site, i.e. users must log in via an http auth dialog before doing their personal login. This is a simple credential – just enough to keep the googlebot away. API requests to those servers handle this by embedding those credentials in the request, i.e.
url = "https://username:somepass@domain.com
The problem is that when you do that, the embedded credential is translated invisibly into an http Authorization header. That header keyword is thus already occupied, making it impossible to also send an Authentication header for the token, and the DRF API returns a confusing "No credential provided" error.
The solution was to use DRF’s Custom Authentication docs and create a new TokenAuthentication class subclassing DRF’s. In it I defined two methods: def get_custom_authorization_header() and def authenticate(), where authenticate() calls get_custom_authorization_header(), which overrides the auth = line:
auth = request.headers.get("X-Ourcustom-Authorization", b"")
Calling code to test servers then replaces
headers = {"Authorization": f"Token {your_token}"}
with
headers = {"X-OurCustom-Authorization": f"Token {token}"}
- [Django]-Sending images using Http Post
- [Django]-How to concatenate strings in django templates?
- [Django]-Django.contrib.auth.logout in Django