Django Rest Framework - Authentication credentials were not provided

Question

I'm developing an API using Django Rest Framework. I'm trying to list or create an "Order" object, but when i'm trying to access the console gives me this error:

{"detail": "Authentication credentials were not provided."}

Views:

from django.shortcuts import render
from rest_framework import viewsets
from django.contrib.auth.models import User
from rest_framework.renderers import JSONRenderer, YAMLRenderer
from rest_framework.response import Response
from rest_framework.views import APIView
from order.models import *
from API.serializers import *
from rest_framework.permissions import IsAuthenticated

class OrderViewSet(viewsets.ModelViewSet):
    model = Order
    serializer_class = OrderSerializer
    permission_classes = (IsAuthenticated,)

Serializer:

class OrderSerializer(serializers.HyperlinkedModelSerializer):

    class Meta:
        model = Order
        fields = ('field1', 'field2')

And my URLs:

# -*- coding: utf-8 -*-
from django.conf.urls import patterns, include, url
from django.conf import settings
from django.contrib import admin
from django.utils.functional import curry
from django.views.defaults import *
from rest_framework import routers
from API.views import *

admin.autodiscover()

handler500 = "web.views.server_error"
handler404 = "web.views.page_not_found_error"

router = routers.DefaultRouter()
router.register(r'orders', OrdersViewSet)

urlpatterns = patterns('',
    url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
    url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token'),
    url(r'^api/', include(router.urls)),
)

And then I'm using this command in the console:

curl -X GET http://127.0.0.1:8000/api/orders/ -H 'Authorization: Token 12383dcb52d627eabd39e7e88501e96a2sadc55'

And the error say:

{"detail": "Authentication credentials were not provided."}

Try this: `curl -H "Authorization: Token 12383dcb52d627eabd39e7e88501e96a2sadc55" http://127.0.0.1:8000/api/orders/` — cor, Nov 13 '14 at 10:33
In my case this happened due to a teammate switching the user to inactive mode. — Brock, Dec 11 '15 at 21:51
Try to read [Authentication](http://www.django-rest-framework.org/api-guide/authentication/) first. — endless, Feb 26 '18 at 12:50

score 215 · Answer 1 · edited Jul 13 '21 at 07:12

215

If you are running Django on Apache using mod_wsgi you have to add

WSGIPassAuthorization On

in your httpd.conf. Otherwise, the authorization header will be stripped out by mod_wsgi.

edited Jul 13 '21 at 07:12

Sabito stands with Ukraine

4,271
8
34
56

answered Nov 18 '15 at 15:01

Robert Kovac

2,218
1
11
8

1

In case if you are wondering where to write this, follow the link. https://stackoverflow.com/questions/49340534/how-to-enable-wsgipassauthorization-for-django – user2858738 Apr 18 '18 at 08:41
4

for ubuntu there seems no `httpd.conf`. so you have to add `WSGIPassAuthorization On` in `/etc/apache2/apache2.conf` – suhailvs Jun 25 '18 at 01:19
I was confused by an issue where my requests from Postman were working from my localhost but not when sent to the live server. Your comment solved my issue. – RommelTJ Sep 10 '19 at 14:30
Solved My problem, I was able to get data via api on my localhost, but when deployed on server over https:// it was giving me same error. – Mir Suhail Feb 04 '20 at 11:42
Is this true only in production or for local development as well? – MadPhysicist May 10 '20 at 05:15
Not sure for local development on Apache, I'm using Django development server locally – Robert Kovac May 11 '20 at 07:33
Thanks for this, been getting a headache from this issue and this solved my problem – SJ19 Mar 19 '22 at 19:04
I had this same issue when testing with pytest – Adebayo A. Daniel Oct 03 '22 at 14:12

score 145 · Accepted Answer · answered Nov 13 '14 at 10:55

145

Solved by adding "DEFAULT_AUTHENTICATION_CLASSES" to my settings.py

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
       'rest_framework.authentication.TokenAuthentication',
   ),
   'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAdminUser'
   ),
}

answered Nov 13 '14 at 10:55

Marcos Aguayo

6,840
8
28
61

Thought I did this, but I had added `'rest_framework.authentication.TokenAuthentication'` to `DEFAULT_PERMISSION_CLASSES` instead of `DEFAULT_AUTHENTICATION_CLASSES` – netdigger Aug 08 '16 at 08:18
6

Thanks for this solution! I don't understand however why I didn't get the "Authentication credentials were not provided." error when making the request with Postman, whereas I *did* get the error when my Angular client made requests. Both with the same token in the Authorization header... – Sander Vanden Hautte Mar 07 '18 at 12:20
3

`SessionAuthentication` is enabled by default and works with the standard session cookies, so it's likely that your Angular (or other JS framework) application was working because of the default session authentication. – Kevin Brown-Silva Jul 02 '20 at 22:57

score 45 · Answer 3 · edited Jun 27 '16 at 16:44

45

This help me out without "DEFAULT_PERMISSION_CLASSES" in my settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
    'PAGE_SIZE': 10
}

edited Jun 27 '16 at 16:44

Eric Palakovich Carr

22,701
8
49
54

answered Nov 27 '15 at 03:19

pony

1,331
11
13

6

The `SessionAuthentication` was what fixed it for me – Caleb_Allen Apr 06 '18 at 23:42
Fixed it for me too. Wonder why the Django tutorial on this doesn't mention it. See https://www.django-rest-framework.org/tutorial/quickstart/ . – Nick T May 17 '20 at 07:42
1

has any one figured out why it behaves like this? session on a mobile device has to do nothing with having a jwt token in the header of the request !! I am surprised by this solution after 5 hours of digging. – Ali H. Kudeir Feb 26 '21 at 04:00
The SessionAuthentication works for me, too. Now I understand why my code didn't work. – kokserek Sep 07 '22 at 10:52

score 25 · Answer 4 · edited Feb 08 '16 at 14:41

Just for other people landing up here with same error, this issue can arise if your request.user is AnonymousUser and not the right user who is actually authorized to access the URL. You can see that by printing value of request.user . If it is indeed an anonymous user, these steps might help:

Make sure you have 'rest_framework.authtoken' in INSTALLED_APPS in your settings.py.

Make sure you have this somewhere in settings.py:

REST_FRAMEWORK = {

    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        # ...
    ),

    # ...
}

Make sure you have the correct token for the user who is logged in. If you do not have the token, learn how to get it here. Basically, you need to do a POST request to a view which gives you the token if you provide the correct username and password. Example:
```
curl -X POST -d "user=Pepe&password=aaaa"  http://localhost:8000/
```

Make sure the view which you are trying to access, has these:

class some_fancy_example_view(ModelViewSet): 
"""
not compulsary it has to be 'ModelViewSet' this can be anything like APIview etc, depending on your requirements.
"""
    permission_classes = (IsAuthenticated,) 
    authentication_classes = (TokenAuthentication,) 
    # ...

Use curl now this way:

curl -X (your_request_method) -H  "Authorization: Token <your_token>" <your_url>

Example:

    curl -X GET http://127.0.0.1:8001/expenses/  -H "Authorization: Token 9463b437afdd3f34b8ec66acda4b192a815a15a8"

How can one print `request.user`? It appears that the POST method of a class-based view is never getting processed. Where else can I try to print the user? — MadPhysicist, May 10 '20 at 05:19
user has to be authenticated to be able to being getting set in request object. Otherwise it just prints anonymous user. How are you authenticating your user ? — sherelock, May 10 '20 at 21:14

score 20 · Answer 5 · answered Nov 08 '16 at 09:17

If you are playing around in the command line (using curl, or HTTPie etc) you can use BasicAuthentication to test/user your API

    REST_FRAMEWORK = {
        'DEFAULT_PERMISSION_CLASSES': [
            'rest_framework.permissions.IsAuthenticated',
        ],
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.BasicAuthentication',  # enables simple command line authentication
            'rest_framework.authentication.SessionAuthentication',
            'rest_framework.authentication.TokenAuthentication',
        )
    }

You can then use curl

curl --user user:password -X POST http://example.com/path/ --data "some_field=some data"

or httpie (its easier on the eyes):

http -a user:password POST http://example.com/path/ some_field="some data"

or something else like Advanced Rest Client (ARC)

BasicAuthentication is not simple command line authentication — llazzaro, May 13 '21 at 01:07

score 15 · Answer 6 · answered Jun 02 '20 at 03:35

15

For me, I had to prepend my Authorization header with "JWT" instead of "Bearer" or "Token" on Django DRF. Then it started working. eg -

Authorization: JWT asdflkj2ewmnsasdfmnwelfkjsdfghdfghdv.wlsfdkwefojdfgh

answered Jun 02 '20 at 03:35

kiko carisse

1,634
19
21

Same here. Using Next.JS with Django DRF as backend. – kenneho Sep 23 '20 at 13:09
Agreed. Trying django with react for the first time and your answer helped me. – Rahul Nov 24 '20 at 11:50

score 13 · Answer 7 · answered Sep 19 '20 at 09:21

13

I was having this problem with postman.Add this to the headers...

answered Sep 19 '20 at 09:21

mikelus

927
11
25

1

In my case, I had not selected the checkbox... :) Thanks, this gave me the clue – Laxmikant Sep 21 '20 at 14:19
I am using thunder client (extension for VS code) to check my API. The checkbox is authomatically checked when we add a new header of field or whatever. So this never came in my mind. But after seeing this answer, i unchecked the checkbox and then checked that again and that worked. Thanks.. – Irfan wani Jun 20 '21 at 09:32
1

I forgotten to add the "Token " prefix, careful guys – Ryan Mar 27 '22 at 11:05

score 12 · Answer 8 · answered Sep 06 '18 at 04:48

I too faced the same since I missed adding

authentication_classes = (TokenAuthentication)

in my API view class.

class ServiceList(generics.ListCreateAPIView):
    authentication_classes = (SessionAuthentication, BasicAuthentication, TokenAuthentication)
    queryset = Service.objects.all()
    serializer_class = ServiceSerializer
    permission_classes = (IsAdminOrReadOnly,)

In addition to the above, we need to explicitly tell Django about the Authentication in settings.py file.

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
   'rest_framework.authentication.TokenAuthentication',
   )
}

Harshit Gangwar · Answer 9 · 2021-02-17T05:08:55.650

6

Try this, it worked for me.

In settings.py

SIMPLE_JWT = {
     ....
     ...
     # Use JWT 
     'AUTH_HEADER_TYPES': ('JWT',),
     # 'AUTH_HEADER_TYPES': ('Bearer',),
     ....
     ...
}

Add this too

REST_FRAMEWORK = {
    ....
    ...
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    )
    ...
    ..
}

edited Feb 17 '21 at 05:08

answered Oct 15 '20 at 06:39

Harshit Gangwar

553
7
14

1

thank you so much)) worked with only `'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_simplejwt.authentication.JWTAuthentication',` – Maryna Klokova Nov 29 '22 at 19:49

score 4 · Answer 10 · edited Jul 13 '21 at 07:17

4

Adding SessionAuthentication in settings.py will do the job

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ( 
        'rest_framework.authentication.SessionAuthentication',
    ),
}

edited Jul 13 '21 at 07:17

Sabito stands with Ukraine

4,271
8
34
56

answered Jul 30 '18 at 06:41

Ab1gor

398
3
19

Aishwarya kabadi · Answer 11 · 2020-03-19T08:13:55.310

1

Since it is session Login so you need to provide you credentials so do 127.0.0:8000/admin admin and login later it will work fine

edited Mar 19 '20 at 08:13

answered Mar 12 '20 at 04:51

Aishwarya kabadi

301
2
5

2

Sorry, but this question is already answered with more detail than yours... – Muhammad Dyas Yaskur Mar 12 '20 at 06:14
This is for the people who need quick solution – Aishwarya kabadi Mar 12 '20 at 09:06

score 1 · Answer 12 · edited Aug 22 '20 at 03:17

1

If you are using authentication_classes then you should have is_active as True in User model, which might be False by default.

edited Aug 22 '20 at 03:17

David Medinets

5,160
3
29
42

answered Aug 21 '20 at 18:56

Piyush Jaiswal

11
1

what are the authentication classes? – Sam Dec 04 '20 at 14:24
1

How do we do this? – Shivangi Singh Jun 13 '21 at 16:37

score 1 · Answer 13 · answered Jun 15 '21 at 15:47

Also make sure that the Authorization Token / API key is actually valid. The Authentication credentials were not provided. error message seems to be what's returned by the API if the key is invalid as well (I encountered this when I accidently used the wrong API key).

score 1 · Answer 14 · answered Jul 27 '21 at 03:42

if anyone come here from Full Stack React & Django [5] - Django Token Authentication - Traversy Media So you need to something like this

accounts/api.py

from rest_framework import generics, permissions
from rest_framework.response import Response
from knox.models import AuthToken
from .serializers import LoginSerializer, RegisterSerializer, UserSerializer
from knox.auth import TokenAuthentication

# Register Api


class RegisterAPI(generics.GenericAPIView):
    serializer_class = RegisterSerializer

    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.save()
        return Response({
            "user": UserSerializer(user, context=self.get_serializer_context()).data,
            "token": AuthToken.objects.create(user)[1]
        })

# Login Api


class LoginAPI(generics.GenericAPIView):
    serializer_class = LoginSerializer

    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data
        return Response({
            "user": UserSerializer(user, context=self.get_serializer_context()).data,
            "token": AuthToken.objects.create(user)[1]
        })

# Get User Api


class UserAPI(generics.RetrieveAPIView):
    authentication_classes = (TokenAuthentication,)
    permission_classes = [
        permissions.IsAuthenticated,
    ]

    serializer_class = UserSerializer

    def get_object(self):
        return self.request.user

score 1 · Answer 15 · answered Oct 11 '22 at 08:14

1

In my case TokenAuthentication was missing

@authentication_classes([SessionAuthentication, BasicAuthentication])

I changed it to below and it worked

@authentication_classes([SessionAuthentication, BasicAuthentication, TokenAuthentication])

answered Oct 11 '22 at 08:14

vishal kulkarni

173
1
8

score 0 · Answer 16 · answered Jun 09 '22 at 05:40

0

In case you are using a CDN, check that the CDN doesn't remove the request header when if forwards the request to your server.

answered Jun 09 '22 at 05:40

michael

530
4
16

score 0 · Answer 17 · answered Mar 02 '23 at 11:48

I added this in settings.py:

REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.TokenAuthentication',
    'rest_framework.authentication.SessionAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': [
    'rest_framework.permissions.IsAuthenticated',
],

}

and I created a superuser and created a token using:

python manage.py createsuperuser

and created a token using http://127.0.0.1:8000/admin/authtoken/tokenproxy/ and nothing else and it just worked.

score 0 · Answer 18 · answered Apr 15 '23 at 10:24

I had strange issue for this error.

I was getting Token correctly and was passing Authorization token correctly in Postman and was still getting this error

{"detail": "Authentication credentials were not provided."}

I searched it on internet and check many SO questions. But nothing worked.

Then i closed Postman application and restart it again then it worked. I had no idea why Postman was behaving like that.

Thankfully problem is solved :)

score 0 · Answer 19 · answered May 19 '23 at 22:27

0

I had the same issue with postman and django backend. I used to use Bearer token but it started failing, I had to manually add the Authorization Header on Headers while prepending it with Token ie Token token

answered May 19 '23 at 22:27

Live Software Developer

326
3
5

score 0 · Answer 20 · answered Jul 16 '23 at 19:19

I'd also add that for those looking to implement Token only authentication. Ensure that your ViewSet's have the "authentication_classes" attribute.

For example:

from rest_framework.authentication import TokenAuthentication

class TaskViewSet(viewsets.ModelViewSet):
     """
     Tasks for the current user. This endpoint allows tasks to be viewed or edited. 
     """
     queryset = Task.objects.all().order_by('-created_at')
     serializer_class = TaskSerializer
     authentication_classes = [TokenAuthentication]
     permission_classes = [permissions.IsAuthenticated]

This will bypass the requirement for the users Username and Password to be required in the sessions request.

Django Rest Framework - Authentication credentials were not provided

20 Answers20

Linked