I'm a tester at a company that's using a django backend. I want to write a test that modifies a user by posting form data to one of the django admin screens. Our backend testing environment is protected via basic auth at the firewall, and then uses a csrf token when communicating with django. I am able to use basic auth to get to the django server, and then I can actually log into the site using csrf, and get the server to send me the test user's account page. But when posting right back to that same endpoint with my data changes, it fails for csrf validation (CSRF token missing or incorrect). I can't figure out why csrf validation works in some instances, but not in others. Can anyone tell me what I'm doing wrong? I've created a mvp out of my code that attempts to elucidate the issue. Hopefully, someone out there knows what I'm doing wrong.
import requests

session = requests.Session()
# Basic auth for the firewall in front of the test environment
session.auth = requests.auth.HTTPBasicAuth('redacted', 'redacted')
url = "http://local.redacted.dev/ouadm/login/"
response = session.get(url, params={'next': '/ouadm/'}, allow_redirects=True)
session.headers['Referer'] = 'https://redacted.com/ouadm/login/'
csrfmiddlewaretoken = response.cookies['csrftoken']
data = {'csrfmiddlewaretoken': csrfmiddlewaretoken, 'username': 'testuser', 'password': 'password'}
response = session.post(url, data=data, params={'next': '/ouadm/'}, allow_redirects=True)
# Multi-valued fields (groups, user_permissions) have to be lists: a repeated
# key in a Python dict literal silently keeps only the last value.
data = {'csrfmiddlewaretoken': csrfmiddlewaretoken, 'csrftoken': csrfmiddlewaretoken,
        'username': 'testuser', 'first_name': 'joe', 'last_name': 'user',
        'email': 'testuser@redacted.com', 'is_active': 'on', 'is_staff': 'on', 'is_superuser': 'on',
        'groups': ['6', '13', '18', '21', '16', '11'],
        'user_permissions': ['334', '16'],
        'last_login_0': '2016-05-25', 'last_login_1': '14,32,04',
        'date_joined_0': '2015-10-26', 'date_joined_1': '15,44,35',
        'initial-date_joined_0': '2015-10-26', 'initial-date_joined_1': '15,44,35',
        '_save': 'Save'}
#desperate much?
session.headers['HTTP_X_CSRFToken'] = csrfmiddlewaretoken
session.headers['HTTP_X_OU_AUTH_TOKEN'] = csrfmiddlewaretoken
session.headers['X-CSRFToken'] = csrfmiddlewaretoken
response = session.get('http://local.redacted.dev/ouadm/auth/user/11/', data=data, allow_redirects=True)
session.headers.update({'Referer': 'http://local.redacted.dev/ouadm/auth/user/11/'})
response = session.post('http://local.redacted.dev/ouadm/auth/user/11/', data=data, allow_redirects=True)
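Added example, not part of the question and not Django's or requests' own code: a stdlib stand-in for the admin that reproduces the failure above and the fix. It assumes two Django behaviours: CsrfViewMiddleware rejects a POST whose csrfmiddlewaretoken field does not match the csrftoken cookie, and a successful login rotates that cookie (django.contrib.auth.login calls rotate_token), so the token read from the login page before logging in no longer matches afterwards. The server, the paths, user id 11 and the field values are constructed to follow the question; urllib with a CookieJar stands in for requests so the example runs offline, and `token_from(jar)` corresponds to `session.cookies['csrftoken']`. Real Django compares salted tokens rather than raw strings; plain equality is a simplification here.

```python
# Constructed stand-in for a Django admin: CSRF cookie/form-field check on every
# POST, and csrftoken rotation on login.  Not Django code; see the lead-in.
import http.cookiejar
import secrets
import threading
import urllib.error
import urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode


class FakeAdmin(BaseHTTPRequestHandler):
    """Constructed stand-in for /ouadm/login/ and /ouadm/auth/user/11/."""
    sessions = {}   # sessionid -> username
    saved = {}      # last accepted change-form POST, for inspection

    def _cookies(self):
        return {k: m.value for k, m in SimpleCookie(self.headers.get("Cookie", "")).items()}

    def _reply(self, status, body=b"", set_cookies=()):
        self.send_response(status)
        for name, value in set_cookies:
            self.send_header("Set-Cookie", f"{name}={value}; Path=/")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        cookies = self._cookies()
        if self.path.startswith("/ouadm/auth/") and cookies.get("sessionid") not in self.sessions:
            return self._reply(403, b"login required")  # the real admin redirects to login
        # Like the login view, make sure the client holds a csrftoken cookie.
        new = [] if "csrftoken" in cookies else [("csrftoken", secrets.token_hex(16))]
        self._reply(200, b"<form>...</form>", new)

    def do_POST(self):
        cookies = self._cookies()
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        form = parse_qs(body)  # repeated keys (groups=6&groups=13) become lists
        token = cookies.get("csrftoken")
        if not token or form.get("csrfmiddlewaretoken", [None])[0] != token:
            return self._reply(403, b"CSRF token missing or incorrect.")
        if self.path == "/ouadm/login/":
            sid = secrets.token_hex(16)
            self.sessions[sid] = form.get("username", [""])[0]
            # rotate_token(): any token captured before login is stale from here on
            return self._reply(200, b"ok", [("sessionid", sid), ("csrftoken", secrets.token_hex(16))])
        if cookies.get("sessionid") not in self.sessions:
            return self._reply(403, b"login required")
        FakeAdmin.saved = form
        self._reply(200, b"saved")

    def log_message(self, *args):  # keep the example quiet
        pass


def token_from(jar):
    """Current csrftoken cookie; with requests this is session.cookies['csrftoken']."""
    return next(c.value for c in jar if c.name == "csrftoken")


def post(opener, url, data):
    """POST urlencoded data; list values become repeated keys (doseq=True)."""
    req = urllib.request.Request(url, data=urlencode(data, doseq=True).encode())
    try:
        with opener.open(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def run_flow(base):
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    opener.open(base + "/ouadm/login/").read()  # GET issues the csrftoken cookie
    pre_login = token_from(jar)
    login = post(opener, base + "/ouadm/login/",
                 {"csrfmiddlewaretoken": pre_login, "username": "testuser", "password": "password"})
    opener.open(base + "/ouadm/auth/user/11/").read()  # fetch the change form, as the question does
    # The question's mistake: reusing the token captured before login.
    stale = post(opener, base + "/ouadm/auth/user/11/",
                 {"csrfmiddlewaretoken": pre_login, "username": "testuser", "_save": "Save"})
    # The fix: re-read the cookie after login, and send multi-valued fields as lists.
    fresh_token = token_from(jar)
    fresh = post(opener, base + "/ouadm/auth/user/11/",
                 {"csrfmiddlewaretoken": fresh_token, "username": "testuser",
                  "groups": ["6", "13", "18"], "user_permissions": ["334", "16"], "_save": "Save"})
    return {"login": login, "stale": stale, "fresh": fresh,
            "rotated": pre_login != fresh_token, "groups": FakeAdmin.saved.get("groups")}


def demo():
    """Start the stand-in on a free loopback port, run the flow, shut it down."""
    srv = HTTPServer(("127.0.0.1", 0), FakeAdmin)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return run_flow(f"http://127.0.0.1:{srv.server_address[1]}")
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

Two changes carry over to the script in the question: read `session.cookies['csrftoken']` again after the login POST (and after fetching the change form) instead of reusing the value from the first GET, and pass multi-valued fields such as groups and user_permissions as lists, since a repeated key in a dict literal keeps only its last value. The extra `HTTP_X_*` headers are not needed; the form field alone satisfies the check once it carries the current cookie value.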