search

Tivix / django-rest-auth

This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)
www.tivix.com
MIT License
2.4k stars 661 forks source link

"Authentication credentials were not provided." Error occur While access through Postman #502

Open Navaruban opened 5 years ago

Navaruban commented 5 years ago

"Authentication credentials were not provided." Error occur While access API through Postman capture4

following code is used in Django setting.py file

REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES':( 'rest_framework.authentication.TokenAuthentication',

for browsable api view usage

    'rest_framework.authentication.SessionAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
    'rest_framework.permissions.IsAuthenticated',
),

}

Please recommend a solution for this issue??

s-sebastian commented 5 years ago

Did you actually provide the authentication details?

Can you use some command line tool like HTTPie and provide the output from your request? ( Don't forget to obfuscate any sensitive data)

hammerdirt commented 5 years ago

Hi! The web interface works great however I can not connect using cURL:

Using: REST framework JWT Auth settings: REST_USE_JWT = True

Here trying to log in with cURL $ curl -X POST -d "{\"username\":\"shovel\", \"email\":\"shovel@hammerdirt.ch\", \"password\":\"123\"}" http://localhost:8000/rest-auth/login/ -v Note: Unnecessary use of -X or --request, POST is already inferred.

I tried formatting the data like this also: -d '{"username":"shovel", "email":"shovel@hammerdirt.ch", "password":"123"}' Got the same result.

Then i tried copying and pasting the returned JWT from the web interface to view the restricted page:

~$ curl -H "Authorization: JWTeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NzM5NCwiZW1haWwiOiIifQ.FILWdmNJchAwXh3SVdXSKu16YdrgkulaaXtqfsAygSg" -H "Content-Type: application/json" -X GET http://localhost:8000/api_jwt/see-stuff/ -v Note: Unnecessary use of -X or --request, GET is already inferred.

hammerdirt commented 5 years ago

In the web console, there is a csrf token and session id in the request header.

Maybe I misunderstood, but I thought that JWT was used instead? We want to go from machine to machine with no web interface. is that possible?

brunobarretofreitas commented 5 years ago

Did You provide the Token parameter in the header?

nandojve commented 5 years ago

I have Postman working with JWT. In Headers tab add 'Authorization' as Key and add 'JWT in Values. Notes: 1) you MUST HAVE an space after JWT keyword. 2) Use ONLY JSONWebTokenAuthentication. This will guarantee that Django will ignore things that only exists in browsers like session and you can simulate better for mobiles. 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',

'rest_framework.authentication.SessionAuthentication',

    # 'rest_framework.authentication.BasicAuthentication',
),
dheerajpai commented 4 years ago

You need to authenticate with Token (In your case).

Try this

curl -X GET http://127.0.0.1:8000/api/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'

And read more in the doc

dheerajpai commented 4 years ago

https://www.django-rest-framework.org/api-guide/authentication/

has all details about Authentication and this issue must be closed

vasantp20 commented 4 years ago

Everything was working fine in Local Server, but on production Server I had to make changes in Apache.

syedmudaseer commented 4 years ago

@vasantp20 what were the change you made in apache? please describe

delegate-it commented 4 years ago

After removing the SIMPLE_JWT settings from the Settings.py file, I got the postman and curl to work

SIMPLE_JWT = {

'AUTH_HEADER_TYPES': ('JWT',),

}

Aishwarya19966 commented 4 years ago

Since it is session Login so you need to provide you credentials so do /admin and login later it will work fine

ge0rg commented 4 years ago

@syedmudaseer and anybody else stumbling on this later on, you need to enable WSGIPassAuthorization in the apache config:

WSGIPassAuthorization On
lanexbuzz02 commented 4 years ago

The proper way to attach a token on postman for simple TokenAuthentication is by going to the Headers tab and adding an "Authorization" key with a value "Token " (without quotes).

As pointed to by @dheerajpai in the link: https://www.django-rest-framework.org/api-guide/authentication/

I am just restating it here for clarity.

kalimist123 commented 3 years ago

For postman this is what you need image

ikramulhaq-arbisoft commented 3 years ago

I was facing the same issue. then went to the admin panel(http://127.0.0.1:8000/admin/) and logged in using superuser credentials. worked for me. Maybe, in my case, you can not access user data without authentication.

rpavez commented 3 years ago

Make sure you have WSGIPassAuthorization On on /wsgi.conf

theSekyi commented 3 years ago

After removing the SIMPLE_JWT settings from the Settings.py file, I got the postman and curl to work

SIMPLE_JWT = {

'AUTH_HEADER_TYPES': ('JWT',),

}

This works for me. Can anyone explain why?

Acel-01 commented 2 years ago

I have Postman working with JWT. In Headers tab add 'Authorization' as Key and add 'JWT in Values. Notes:

  1. you MUST HAVE an space after JWT keyword.
  2. Use ONLY JSONWebTokenAuthentication. This will guarantee that Django will ignore things that only exists in browsers like session and you can simulate better for mobiles. 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',

    'rest_framework.authentication.SessionAuthentication',

    'rest_framework.authentication.BasicAuthentication',

    ),

Thank you very much @nandojve. Using JWT instead of Bearer worked for me

Evengii commented 2 years ago

Hi! I tried to use oauth2 authentification with google API for my django framework project. But I don't know where to place access token to be authenticated in my service. I get an error - Authentication credentials were not provided. I think my token just not passed and the server doesn't get it.

So I did:

On finish I get 200 code response (it's HTML file of the google authorization page where I was redirected). Actually I should get code 404 and be redirected to http://localhost:8000/

I tracked all redirections in postman and I saw that I redirected to google auth page (where it suggest me some of my existed accounts), I passed my client id in request and that's it... my needed account is not chosen and I redirected to another endpoint and get 200 code.

Well, I hope somebody understands the topic and help me

Kabhishek18 commented 1 year ago

"Authentication credentials were not provided." Error occur While access API through Postman capture4

following code is used in Django setting.py file

REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES':( 'rest_framework.authentication.TokenAuthentication', # for browsable api view usage 'rest_framework.authentication.SessionAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAuthenticated', ), }

Please recommend a solution for this issue??

**I did have the same issue with token access. In Curl its is working with string with " " not with single ''
I tried with same

curl http://127.0.0.1:8000/api/blog/1/ -H "Authorization: Token c63fe7a5286109841e7d25fbc7f9413e9483897b" Hope it work for you **

jbiddulph commented 3 months ago

I am getting the same issue, I've tried everything?! I am unable to log into /admin as a superuser as I have a custom API login but I doubt that should matter. I am getting:

403 Forbidden "detail": "Authentication credentials were not provided."