jpadilla / django-rest-framework-jwt

JSON Web Token Authentication support for Django REST Framework
http://jpadilla.github.io/django-rest-framework-jwt/
MIT License

DRF Built-in API documentation not working with JSONWebTokenAuthentication & IsAuthenticated #450

Open begonaalvarezd opened 6 years ago

begonaalvarezd commented 6 years ago

Hello,

I have a Rest API working (all good here) with django-rest-framework and django-rest-framework-jwt. My problem is that I am trying to access the DRF Built-in API documentation for authenticated users only and I am unable to make it work. It throws a 401 error: {u'detail': ErrorDetail(string=u'Authentication credentials were not provided.', code=u'not_authenticated')}.

Below I provide you relevant sections of my code and settings.

Urls:

# Rest Documentation
API_TITLE = 'Rest API'
API_DESCRIPTION = 'Rest API Description'
API_PUBLIC = False
AUTHENTICATION_CLASSES = [JSONWebTokenAuthentication] # is this correct?
PERMISSION_CLASSES = [IsAuthenticated] # of course, when I change this to AllowAny it works, but I need it restricted. 
PATTERNS = rest_api_urlspatterns

rest_api_docs_urlspatterns = [
    # Generate schema with valid `request` instance:
    url(r'^docs/', include_docs_urls(
        title=API_TITLE,
        description=API_DESCRIPTION,
        authentication_classes=AUTHENTICATION_CLASSES,
        permission_classes=PERMISSION_CLASSES,
        public = API_PUBLIC,
        patterns = rest_api_urlspatterns
    ))
]

Settings:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
       'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
}

JWT_AUTH = {
    'JWT_ENCODE_HANDLER': 'rest_framework_jwt.utils.jwt_encode_handler',
    'JWT_DECODE_HANDLER': 'rest_framework_jwt.utils.jwt_decode_handler',
    'JWT_PAYLOAD_HANDLER': 'api.utils.jwt_payload_handler',
    'JWT_PAYLOAD_GET_USER_ID_HANDLER': 'rest_framework_jwt.utils.jwt_get_user_id_from_payload_handler',
    'JWT_RESPONSE_PAYLOAD_HANDLER': 'api.utils.jwt_response_payload_handler',
    'JWT_SECRET_KEY': MY_PRIVATE_KEY,
    'JWT_ALGORITHM': ALOGIRTHM,
    'JWT_VERIFY': True,
    'JWT_VERIFY_EXPIRATION': True,
    'JWT_LEEWAY': 0,
    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=15),
    'JWT_AUDIENCE': None,
    'JWT_ISSUER': None,
    'JWT_ALLOW_REFRESH': True,
    'JWT_REFRESH_EXPIRATION_DELTA': datetime.timedelta(days=7),
    'JWT_AUTH_HEADER_PREFIX': 'Bearer',
    # to use email instead of username
    'JWT_PAYLOAD_GET_USERNAME_HANDLER': 'api.utils.jwt_get_username_from_payload_handler'
}

Additionally, my views are restricted to IsAuthenticated:

class SomeView(APIView):
    permission_classes = (IsAuthenticated,)
    ....

Any idea what could be happening? Thank you very much!

mqinbin commented 5 years ago

You should make a login page, and the JSONWebTokenAuthentication info should be passed by the front end.

settings.py:

JWT_AUTH = {
    'JWT_AUTH_COOKIE': 'any_short_str_you_like',  # 'jwt' may be a good choice; the default is None
}
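
The following is an added example, not code from this thread or from django-rest-framework-jwt: a simplified stand-alone model of the token lookup the last comment relies on (Authorization header first, the cookie named by JWT_AUTH_COOKIE only as a fallback), showing why a browser that navigates to the docs page gets 401 and what the cookie setting changes. The secret, the payloads and the function names make_token, verify_token and docs_status are constructed for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # constructed; stands in for JWT_SECRET_KEY
HEADER_PREFIX = "Bearer"              # JWT_AUTH_HEADER_PREFIX from the settings above

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _mac(signing_input):
    # The algorithm is pinned to HS256 here; the token's own "alg" is never trusted.
    return _b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def make_token(payload):
    """Sign a payload as an HS256 JWT (demo helper, hypothetical name)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    return b".".join((head, body, _mac(head + b"." + body))).decode()

def verify_token(token):
    """Return the payload if signature and expiry check out, else None."""
    try:
        head, body, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _mac(head + b"." + body)):
            return None
        payload = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    except ValueError:                # wrong segment count, bad base64, bad JSON
        return None
    if not isinstance(payload, dict):
        return None
    return payload if payload.get("exp", 0) > time.time() else None

def get_jwt_value(headers, cookies, cookie_name):
    """Header first; the cookie is consulted only when no header was sent."""
    parts = headers.get("Authorization", "").split()
    if not parts:
        return cookies.get(cookie_name) if cookie_name else None
    if parts[0].lower() != HEADER_PREFIX.lower() or len(parts) != 2:
        return None
    return parts[1]

def docs_status(headers, cookies, cookie_name=None):
    """Status an IsAuthenticated docs view would return for this request."""
    token = get_jwt_value(headers, cookies, cookie_name)
    return 200 if token and verify_token(token) else 401
```

A token carried in a cookie is sent by the browser automatically, so the cookie should be HttpOnly and Secure, and state-changing endpoints that accept it need CSRF protection.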