dj-rest-auth tries to serialize the token model, even when it's `None`

iMerica / dj-rest-auth

Authentication for Django Rest Framework

https://dj-rest-auth.readthedocs.io/en/latest/index.html

MIT License

1.63k stars 304 forks source link

dj-rest-auth tries to serialize the token model, even when it's `None` #517

Open ruilvo opened 1 year ago

ruilvo commented 1 year ago

After some discussion on tfranzel/drf-spectacular#1005 (which I recommend the reading of), we have discovered that dj-rest-auth tries to serialize the token model, even when it's None.

Setting REST_AUTH = {"TOKEN_MODEL": None} is supported by the docs to fully disable token authentication. However, as @tfranzel points out, if JWT is not also enabled, this causes a serialization attempt to be performed anyway.

paulrogov commented 3 weeks ago

@ruilvo try setting TOKEN_SERIALIZER to None like this:

# settings.py
REST_AUTH = {
    'SESSION_LOGIN': True,
    'USE_JWT': False,
    'TOKEN_MODEL': None,
    'TOKEN_SERIALIZER': None,
}