After some discussion on tfranzel/drf-spectacular#1005 (which I recommend the reading of), we have discovered that dj-rest-auth tries to serialize the token model, even when it's None.
Setting REST_AUTH = {"TOKEN_MODEL": None} is supported by the docs to fully disable token authentication.
However, as @tfranzel points out, if JWT is not also enabled, this causes a serialization attempt to be performed anyway.
After some discussion on tfranzel/drf-spectacular#1005 (which I recommend the reading of), we have discovered that dj-rest-auth tries to serialize the token model, even when it's
None
.Setting
REST_AUTH = {"TOKEN_MODEL": None}
is supported by the docs to fully disable token authentication. However, as @tfranzel points out, if JWT is not also enabled, this causes a serialization attempt to be performed anyway.