I am enabling token/api-key authentication on my API. But once I enable it, I can no longer use the browsable API page of the DRF. I know I can disable the authentication while developing, but this is a question of curiosity: Can I add an api-key to the header of each request sent to the browsable API page? Can I do that by tweaking the Browser settings? Or is it possible to tweak the Browsable API page itself and hardcode the api-key into it?
The better way to handle the situation is to add the SessionAuthentication to the DEFAULT_AUTHENTICATION_CLASSES section in your settings
# settings.py
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": [
"rest_framework.authentication.TokenAuthentication",
"rest_framework.authentication.SessionAuthentication",
],
}
More precisely,
# settings.py
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": [
"rest_framework.authentication.TokenAuthentication",
],
}
if DEBUG:
REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"].append(
"rest_framework.authentication.SessionAuthentication"
)
By doing this, you can either use your APIKey or session key to authenticate the requests.
Related
So I am following the official documentation for Google sign in with DjangoRestFramework using DJ Rest Auth (this link)
I intend to authenticate with Postman Oauth2 (by following the guide and generating an Access Token)
Postman is generating an access token successfully, but I cannot seem to use this authentication in my API calls. Please who knows which step I am missing - I want to handle everything in Postman.
urls.py
urlpatterns = [
path('', Home.as_view(), name='home'),
path('admin/', admin.site.urls),
path('accounts/', include(api_urls, namespace='api')),
path('accounts/login/', GoogleLogin.as_view(), name='google_login'),
path('accounts/', include('rest_framework.urls')),
]
views.py
class GoogleLogin(SocialLoginView):
adapter_class = GoogleOAuth2Adapter
callback_url = 'http://localhost:8080/accounts/google/login/callback/'
client_class = OAuth2Client
On calling an API endpoint, I get an invalid token error:
If I however visit the Google Login view in my RestFramework UI (in my case http://localhost:8080/accounts/login), I get an endpoint to make a POST, and on making a POST request, a key is generated. Only this key (if used as a Bearer token) works in my API calls.
How can I authenticate on Google, and make my API calls independent of the DRF UI?
Callback URL has been configured on my Google Developer Client.
PS: I feel the answer is in step 6 of the documentation, but I am unable to figure out how to do this in Postman
POST code or token to specified URL(/dj-rest-auth/google/)
What I did here is from postman go to headers then put Authorization = Token youraccesskey
which in your case Authorization = Token ef057......
Hope it helps
I'm using Django to host a React application. I added the CSRF protection middleware in Django. I tried testing it by sending a http post with Postman, without the x-csrftoken in the header. To my surprise, I did not get a 403, but I was able to get data without the x-csrftoken. How is this possible?
Below you find my CSRF settings. My additional Django settings are very straightforward and include CORS.
...
# Cross Origin Resource Sharing Protection
CORS_ALLOWED_ORIGINS = [
'http://127.0.0.1:3000',
]
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOW_CREDENTIALS = True
# Cross Site Request Forgery Protection
CSRF_TRUSTED_ORIGINS = []
MIDDLEWARE = [
...
'django.middleware.csrf.CsrfViewMiddleware',
]
If you are using anything other than SessionAuthentication CSRF will be disabled. In the docs.
My settings.py:
AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.RemoteUserBackend',
'django.contrib.auth.backends.ModelBackend',
]
MIDDLEWARE = [
# ...
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.RemoteUserMiddleware',
# ...
]
ModelBackend is used by the DRF Browsable API.
RemoteUserBackend is used by the frontend app.
If a user logs into the Browsable API, the frontend will send both the auth token and the session token. Both credentials are diferent django users.
AUTHENTICATION_BACKENDS are suposed to work by order, but AuthenticationMiddleware goes first in MIDDLEWARE , it's mandatory.
A session-authenticated user gets wrong data in the frontend app. Django ignores remote user credentials. The user must logout from the browsable API.
How can I fix this?
Just for the record. I simply did a logout from the frontend at page load.
Images in the current database have one piece of data.
But, I am currently experiencing the following error
"GET /images/all/ HTTP/1.1" 401 58"
"detail": "Authentication credentials were not provided."
My Git Hub URL : https://github.com/Nomadcoders-Study/Nomadgram
Which part of the setup went wrong?
I saw your Github project settings.py file.
This error is because you are using IsAuthenticated backend for all of your requests to Rest APIs. Also you setup jwt authorization system:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
So basically, if you want to create a request to any of your API endpoints, you should provide jwt token authorization header in it. like this for:
curl "<your api endpoint>" -H "Authorization: jwt <token_received>"
Also remember to setup and API to receive token from it, by providing username and password in serializer.
try this in your settings file
settings.py
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated',),
'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework_simplejwt.authentication.JWTAuthentication',),
}
You can add it to your project Settings rest_framework configuration
settings.py
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES'('rest_framework.authentication.BasicAuthentication', ),
}
Like the image, I want to close The browsable API that REST framework provides.
Click to visit directly the JSON data.
In your settings.py file add following code in the section of REST_FRAMEWORK settings
'DEFAULT_RENDERER_CLASSES': (
'rest_framework.renderers.JSONRenderer',
),
If you use BrowsableAPIRendereryou will see browsable API interface. JSONRenderer will show JSON data.