12

I have this strange issue and I can't find out why. I've built the API using Django 1.7 and Django REST framework, with token auth for API authentication. All works fine on localhost, but when I try to call an API endpoint which requires authentication on the production machine, I get a 403 status code along with the following message: `{"detail":"Authentication credentials were not provided."}`. What am I doing wrong?

I'm sending the token in the headers as per the documentation. Here's what my settings file looks like:

```python
INSTALLED_APPS = (
    '......',
    'rest_framework',
    'rest_framework.authtoken',
    'rest_framework_swagger',
    'corsheaders',
    '......')

MIDDLEWARE_CLASSES = (
    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.admindocs.middleware.XViewMiddleware',
    'django.middleware.common.CommonMiddleware',
    'admin_reorder.middleware.ModelAdminReorder',
)

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny'
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ),
    'PAGINATE_BY_PARAM': 'page_size',
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'DEFAULT_FILTER_BACKENDS': ('rest_framework.filters.DjangoFilterBackend',),
    'VIEW_DESCRIPTION_FUNCTION': 'rest_framework_swagger.views.get_restructuredtext'
}

REST_SESSION_LOGIN = False
CORS_ORIGIN_ALLOW_ALL = True
```
jabez
  • 1
    Did you send the token correctly? This message only spits out if the request is in bad format. It should be like: **Authorization: Token 401f7ac837da42b97f613d789819ff93537bee6a** – Fanis Despoudis May 10 '15 at 13:36
  • 7
    Are you using Apache and not telling it to forward the `Authorization` header? This error is triggered if the header is missing or empty. – Kevin Brown-Silva May 10 '15 at 13:55
  • @FanisDespoudis I'm sending the token correctly; on local it works fine. – jabez May 10 '15 at 13:58
  • @KevinBrown This might be the issue. I will check with the sys admin. Thanks :) – jabez May 10 '15 at 14:00
  • It's possible that this is to do with having both SessionAuthentication and TokenAuthentication listed - the django-cors-headers docs say that you need to set `CORS_REPLACE_HTTPS_REFERER = True` and list corsheaders.middleware.CorsPostCsrfMiddleware after django.middleware.csrf.CsrfViewMiddleware (https://github.com/ottoyiu/django-cors-headers/) – Chris Berragan Sep 07 '15 at 12:51
  • Can you post the code you are using to call the API endpoint? – Jonathan Stray Apr 11 '17 at 18:18

1 Answer

20

For me, the problem was that Apache didn't forward the Authorization header to the WSGI process. Here's the fix:

Just add

```apache
WSGIPassAuthorization on
```

to your Apache (vhost) config.

trnc
  • 4
    LifeSaver! To make this work on AWS ElasticBeanstalk, add a container command e.g. : `03wsgipass: command: 'echo "WSGIPassAuthorization On" >> ../wsgi.conf'` https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create-deploy-python-container.html#create-deploy-python-custom-container – birdsarah Feb 16 '19 at 05:43
  • 1
    Great thanks to all involved in this thread. I also had the problem on Beanstalk and it works great. – Greg Holst Apr 16 '19 at 14:26
  • 1
    I've been close to dropping `django-rest-knox` into using basic auth but this now works on mine! Thanks for this! – Denimar Fernandez May 04 '20 at 21:27
  • 1
    I couldn't for the life of me find the solution to my authentication not working with Apache until I saw your comment. Lifesaver! Thank you so much. – SJ19 Aug 30 '20 at 13:14
  • 1
    You are just amazing. Had this same problem with Django BE + Vue FE + Apache. This solves the issue. Thanks again. – Paandittya Jan 12 '23 at 13:26
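
An added diagnostic, not part of the original thread: a small WSGI middleware that records whether the `Authorization` header reached the application at all, which separates a header stripped by the front-end server (the Apache case in the answer) from one that arrived malformed. The names `classify_authorization` and `AuthHeaderProbe` are hypothetical, and the scheme check approximates the whitespace split that DRF's token authentication performs.

```python
import logging

log = logging.getLogger("auth_header_probe")


def classify_authorization(environ):
    """Describe the Authorization header as the WSGI app received it.

    Returns 'missing', 'empty', 'other-scheme', 'malformed' or 'token'.
    The credential itself is never returned or logged.
    """
    if "HTTP_AUTHORIZATION" not in environ:
        # Typical for Apache/mod_wsgi without WSGIPassAuthorization On.
        return "missing"
    parts = environ["HTTP_AUTHORIZATION"].split()
    if not parts:
        return "empty"
    if parts[0].lower() != "token":
        return "other-scheme"
    if len(parts) != 2:
        # "Token" with no key, or a key containing spaces.
        return "malformed"
    return "token"


class AuthHeaderProbe:
    """WSGI middleware: log the header state, then call the wrapped app."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        log.warning("%s %s authorization=%s",
                    environ.get("REQUEST_METHOD"),
                    environ.get("PATH_INFO"),
                    classify_authorization(environ))
        return self.app(environ, start_response)


# Constructed sample environs: what the app sees behind a server that
# strips the header versus one that forwards it.
STRIPPED = {"REQUEST_METHOD": "GET", "PATH_INFO": "/api/items/"}
FORWARDED = dict(STRIPPED, HTTP_AUTHORIZATION="Token <constructed-placeholder>")
```

To use it temporarily, wrap the object returned by `get_wsgi_application()` in `wsgi.py` with `AuthHeaderProbe(...)`; a log line reading `authorization=missing` on production but `authorization=token` locally points at the web server configuration rather than the client.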