Authentication credentials were not provided / Invalid payload

[sprucify]

Our token from Auth0 does contain a sub and email. But everything we tried with Curl will result in a

Authentication credentials were not provided.

OR

Invalid payload

Do we need all four of these authentication classes?: DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', 'rest_framework_auth0.authentication.Auth0JSONWebTokenAuthentication', ),

Our settings are now on Bearer: AUTH0 = { 'AUTH0_CLIENT_ID':'', 'AUTH0_CLIENT_SECRET':'', 'AUTH0_ALGORITHM':'HS256', #default used in Auth0 apps 'JWT_AUTH_HEADER_PREFIX': 'Bearer', #default prefix used by djangorestframework_jwt }

[mcueto]

@sprucify can you post an example payload please? it could be usefull to solve your problem.

Yes, you need all 4 authentication classes

[mcueto]

@sprucify if you check the payload at https://jwt.io/ is it ok? (signature verified)

[sprucify]

Yes we grab our auth0 token via jwt plugin and past it in curl.

[sprucify]

This is an example payload we have.

{ "nickname": "example", "email": "example@mail.com", "email_verified": true, "iss": "https://ourdomain.eu.auth0.com/", "sub": "google-oauth2|123456789", "aud": "secretstring", "exp": 1475656667, "iat": 1475620667 }

[mcueto]

I'm working on a sample project to correct this problem, meanwhile please check that your's django AUTH0_CLIENT_ID is the same that the value returned by aud attribute on the payload given. if this solves your problem, you will have another problem, that i'm fixing right now(error 500 due to an expected payload format).

I will correct this problem as soon as possible ;) Nice weekend

[ridike]

Great news

[ridike]

So, we solved this problem by removing the 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', from DEFAULT_AUTHENTICATION_CLASSES in settings.py

[mcueto]

@sprucify i updated this package please check if it solves your problem, if it cant please check out the sample project https://github.com/mcueto/djangorestframework-auth0_sample

[mcueto]

In the next few days i'm gonna to reactivate the development of this package and the sample project, so stay alert! ;)

[sprucify]

Great work on the sample project! Can you show us the auth0 payload structure as well? In that way we can check what metadata is needed

[mcueto]

No problem! I'll provide the minimum pay load needed and test different scopes! However, you always can debug the payload in jwt.io to see their structure.

Ps: I strongly recommend to use postman with chromium to test all your API endpoints

Ps2: please let me know if you solve the problem to close this issue :)

Nice Sunday for all of you

[mcueto]

@sprucify the payload i tested was the same that you posted, i'll try with a very very basic with only strictly necesary attributes and i'll post it! stay tuned ;)

ps: What happened with yopur problem? did you solve it? let me know to close this issue ;)

Nice weekend for all of you

[ridike]

HEy, @mcueto , I am working on the same project as @sprucify , as I wrote above we sovled it by removing 'rest_framework_jwt.authentication.JSONWebTokenAuthentication' class!

[mcueto]

@ridike ok! i didn't understand it! jajajajajaj

I close this issue then.

Thanks for use this package, don't forget to stay tuned and star it :+1:

[ridike]

Thank you so much, @mcueto, your package is a life-safer!

[mcueto]

@ridike @sprucify

Hello friends, tomorrow i'll provide a custom user and group models to allow to exced the 30 characters per username(that in case of login with a social auth can cause troubles), stay tuned! :)

PS: i'll update the documentation too

[ridike]

Hey @mcueto ! we were also thinking whether it is possible to make the group checking optional? We do not need groups but if payload does not have it, it causes problems. @sprucify

[mcueto]

Hey @mcueto ! we were also thinking whether it is possible to make the group checking optional? We do not need groups but if payload does not have it, it causes problems. @sprucify

@ridike Done, just upload the package to the last version(0.1.7) ;) i added an option to optionally use Auth0 Authorization Extension.

With the Django version 1.10 the username max_lenght is set to 150 characters, so i don't know if work on a backwards compatible model or just add django 1.10 as requirement for this package.

Nice weekend