2

I am trying to implement Token based Authorization at my server APIs. But, when I fire a query then it returns {"detail": "Authentication credentials were not provided."}

I have done almost all the settings recommended at various posts and also at the Django documentation.

In my settings.py:

INSTALLED_APPS = [
    'rest_framework.authtoken',
]

And also,

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
       'rest_framework.authentication.TokenAuthentication',
   ),
   'DEFAULT_PERMISSION_CLASSES': (
       'rest_framework.permissions.IsAuthenticated',
   ),
}

In my views file:

from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated


class UserList(generics.ListCreateAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer
    authentication_classes = [TokenAuthentication]
    permission_classes = [IsAuthenticated]

And in my Apache Config file at WSGI

WSGIPassAuthorization On

RewriteEngine on
 RewriteCond %{HTTP:Authorization} ^(.*)
 RewriteRule .* - [e=HTTP-AUTHORIZATION:%1]

I don't know if I am missing anything other than this. The token is pre-generated at super user level using command line.

Kevin Languasco
  • 2,318
  • 1
  • 14
  • 20
user15226396
  • 99
  • 2
  • 8

2 Answers2

0

The default Django Rest Framework HTML that you see when you go to your website in the browser does not work with token authorization. This is because you need to put Authorization: Token <insert your token here> in your header when sending a request. This is an issue because the form you fill out has no place to change headers.

I would suggest either Postman (nice GUI), or curl (command) to test out your API since you need to edit the HTTP headers of your requests.

  • Thanks for your reply and agreed. I am already using Postman and passing Authentication token through Header. The postman is giving same reply. – user15226396 Feb 21 '21 at 05:49
0

Have you seen this related S.O. question?

If you're using mod_wsgi, leave out the REWRITE section, put WSGIPassAuthorization On below the WSGIScriptAlias, WSGIDaemonProcess and WSGIProcessGroup directives. Just got my Apache + mod_wsgi configuration working, looks something like this:

...

    WSGIScriptAlias / /var/www/html/base/wsgi.py
    WSGIDaemonProcess django_app python-path=/var/www/html python-home=/var/www/html/env
    WSGIProcessGroup django_app
    WSGIPassAuthorization On

...