Styria-Digital / django-rest-framework-jwt

JSON Web Token Authentication support for Django REST Framework
https://styria-digital.github.io/django-rest-framework-jwt/
MIT License

doesn't play well with other "Authorization"-header auth plugins #57

Open radix opened 4 years ago

radix commented 4 years ago

When the Authorization header is sent with a prefix other than the configured one (default Bearer, though I override it to be JWT in my app), drf-jwt raises an AuthenticationFailed. This means that authentication is completely stopped and other auth plugins don't get a chance to run.

My app uses both drf-jwt and DRF Token authentication, so when I switched from the old djangorestframework-jwt to this, my DRF Token authentication stopped working. The old djangorestframework-jwt properly returned None instead of raising AuthenticationFailed when the prefix wasn't one it expected.

radix commented 4 years ago

To work around this I subclass JSONWebTokenAuthentication and override authenticate to do this:

    def authenticate(self, request):
        # Note I override prefix from Bearer to JWT
        if request.environ.get('HTTP_AUTHORIZATION', '').startswith('JWT'):
            return super().authenticate(request)
        # Any other prefix: return None so DRF tries the next authentication class
        return None

igorpejic commented 4 years ago

I am experiencing the same when trying to use an email confirmation link to create an account.

One would expect the Authentication to fall through and try other authentication methods, the same as it did in the original repository.

Or am I missing something?
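
Added example (not part of the thread, and not drf-jwt or DRF code): a plain-Python model of an authenticator chain, showing why raising on a foreign `Authorization` prefix blocks a Token authenticator listed after it, while returning `None` lets the chain continue and an invalid credential under the matching prefix still fails closed. `PrefixAuth`, `run_chain` and all credentials are constructed for illustration.

```python
class AuthenticationFailed(Exception):
    """Stand-in for rest_framework.exceptions.AuthenticationFailed."""


class PrefixAuth:
    """Toy authenticator for 'Authorization: <prefix> <credential>' headers."""

    def __init__(self, prefix, credentials, raise_on_foreign_prefix=False):
        self.prefix = prefix
        self.credentials = credentials  # constructed sample data: credential -> user
        self.raise_on_foreign_prefix = raise_on_foreign_prefix

    def authenticate(self, headers):
        scheme, _, credential = headers.get("Authorization", "").partition(" ")
        if not scheme:
            return None  # no credentials supplied at all
        if scheme != self.prefix:
            if self.raise_on_foreign_prefix:
                # Behaviour reported in the issue: a foreign prefix is a hard failure.
                raise AuthenticationFailed(f"unexpected prefix {scheme!r}")
            return None  # "not mine": let the next authenticator look at the header
        if credential not in self.credentials:
            # A credential this scheme owns but cannot validate must fail closed.
            raise AuthenticationFailed("invalid credential")
        return self.credentials[credential]


def run_chain(authenticators, headers):
    """Model of the chain: first non-None result wins, an exception stops it."""
    try:
        for authenticator in authenticators:
            user = authenticator.authenticate(headers)
            if user is not None:
                return f"authenticated:{user}"
    except AuthenticationFailed as exc:
        return f"rejected:{exc}"
    return "anonymous"


TOKEN_AUTH = PrefixAuth("Token", {"constructed-drf-token": "alice"})
JWT_STRICT = PrefixAuth("JWT", {"constructed.jwt.value": "bob"}, raise_on_foreign_prefix=True)
JWT_LENIENT = PrefixAuth("JWT", {"constructed.jwt.value": "bob"})
TOKEN_REQUEST = {"Authorization": "Token constructed-drf-token"}

if __name__ == "__main__":
    print(run_chain([JWT_STRICT, TOKEN_AUTH], TOKEN_REQUEST))   # JWT class listed first
    print(run_chain([JWT_LENIENT, TOKEN_AUTH], TOKEN_REQUEST))
```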