2

I have a working Django REST API backend. I was previously using session authentication, but would like to move to token based for scaling across multiple servers. I have been researching this for a couple days now and I have not found an answer to my problem. I added the djangorestframework-jwt package to my application but when I try to authenticate is always returns:

{"non_field_errors":["Unable to login with provided credentials."]}

I see in the jwt package where this error is, and can follow the code back through the authentication process. I do not see any errors in the auth process. When I try to create a user with those credentials it says that a user already exists, so I know it is hitting the correct user table. I am not sure why the obtain_jwt_token endpoint will not authenticate my credentials. Below are relevant sections of my django app. Any help would be greatly appreciated. If I am leaving anything out that could help figure this out please let me know and I will upload it. Thanks,

app/settings.py

REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
    'rest_framework.permissions.IsAuthenticated',
    ),
'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',
'PAGE_SIZE': 100,}

app/urls.py

urlpatterns = patterns('',
# Api
url(r'^api/', include(router.urls)),
url(r'^api/stats', statsviews.StatsView.as_view()),
url(r'^api/testing', statsviews.TestView.as_view()),
url(r'^api/login', 'rest_framework_jwt.views.obtain_jwt_token'),
url(r'^api/logout', logout, {'next_page': '/api/login'}),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
)

curl command

curl -d "email=test@myemail.com&password=test123" http://webhost.mywebsite.com:8080/api/login/
joed4no
  • 1,243
  • 13
  • 17
  • Have you added rest_framework_jwt to your INSTALLED_APPS list? – Adam_O Nov 02 '15 at 04:11
  • 1
    Nothing in the documentation says it needs to be added to the INSTALLED_APPS. I just says to add it to the DEFAULT_AUTHENTICATION_CLASS – joed4no Nov 02 '15 at 07:01
  • Add rest_framework_jwt to your installed apps. For whatever reason they left that out of the docs. – user1042361 Nov 02 '15 at 14:45
  • @joed4no django-rest-jwt uses username by default to login, you seem to be using email – ofnowhere Dec 17 '15 at 09:39
  • I had the same issue, and it had to do with how passwords were being stored by my custom user model. Can you login with a superuser created through `manage.py`? If so take a look at how their password is stored in admin vs the password of your custom user. If your custom user's password wasn't hashed, try copying the password from your superuser into the second user. Now try to get the token for the custom user using your superuser's password. – Jad S Jan 17 '17 at 01:43

2 Answers2

1

I have a very similar setup to you. A simple app, utilizing vanilla DRF JWT authentication. The only difference that I can tell is that I have rest_framework_jwt included in my INSTALLED_APPS list:

INSTALLED_APPS = (
    ...
    # Third Party Dependencies
    'rest_framework',
    'rest_framework_jwt',
    'corsheaders',
    ....

Try adding that and see where it gets you.

Adam_O
  • 341
  • 3
  • 11
0

I encountered the same problem too,and finally found the way out.

following the quick start guide (http://www.django-rest-framework.org/tutorial/quickstart/) , using python manage.py migrate to create table structure; using python manage.py createsuperuser to create an initial user named admin with a password of "password123"; (attention: the passwords mismatch in guides)

now it should be ok.

$ curl -X POST -d "username=admin&password=password123" http://127.0.0.1:8000/api-token-auth/
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwidXNlcl9pZCI6MiwiZW1haWwiOiJhZG1pbkA3amdvLmNvbSIsImV4cCI6MTQ3MDY0NjY4Mn0.Dg4KW5pHHJfuaRzjqHTu8kYIzkq8js9}
Tomasz Jakub Rup
  • 10,502
  • 7
  • 48
  • 49
Howard
  • 31
  • 1
  • That worked but why doesn't it work with users created using API? Password is stored the same way. – Kakaji May 12 '17 at 05:56