Add API key to a header in a DRF browsable API page - django

I am enabling token/api-key authentication on my API. But once I enable it, I can no longer use the browsable API page of the DRF. I know I can disable the authentication while developing, but this is a question of curiosity: Can I add an api-key to the header of each request sent to the browsable API page? Can I do that by tweaking the Browser settings? Or is it possible to tweak the Browsable API page itself and hardcode the api-key into it?

The better way to handle the situation is to add the SessionAuthentication to the DEFAULT_AUTHENTICATION_CLASSES section in your settings:
# settings.py
REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.TokenAuthentication",
        "rest_framework.authentication.SessionAuthentication",
    ],
}
More precisely,
# settings.py
REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.TokenAuthentication",
    ],
}
if DEBUG:
    REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"].append(
        "rest_framework.authentication.SessionAuthentication"
    )
By doing this, you can either use your APIKey or session key to authenticate the requests.

Related

How to use Postman to authenticate Google Login with dj_rest_auth

So I am following the official documentation for Google sign in with DjangoRestFramework using DJ Rest Auth (this link)
I intend to authenticate with Postman Oauth2 (by following the guide and generating an Access Token)
Postman is generating an access token successfully, but I cannot seem to use this authentication in my API calls. Please who knows which step I am missing - I want to handle everything in Postman.
urls.py
urlpatterns = [
    path('', Home.as_view(), name='home'),
    path('admin/', admin.site.urls),
    path('accounts/', include(api_urls, namespace='api')),
    path('accounts/login/', GoogleLogin.as_view(), name='google_login'),
    path('accounts/', include('rest_framework.urls')),
]
views.py
class GoogleLogin(SocialLoginView):
    adapter_class = GoogleOAuth2Adapter
    callback_url = 'http://localhost:8080/accounts/google/login/callback/'
    client_class = OAuth2Client
On calling an API endpoint, I get an invalid token error:
If I however visit the Google Login view in my RestFramework UI (in my case http://localhost:8080/accounts/login), I get an endpoint to make a POST, and on making a POST request, a key is generated. Only this key (if used as a Bearer token) works in my API calls.
How can I authenticate on Google, and make my API calls independent of the DRF UI?
Callback URL has been configured on my Google Developer Client.
PS: I feel the answer is in step 6 of the documentation, but I am unable to figure out how to do this in Postman
POST code or token to specified URL(/dj-rest-auth/google/)
What I did here is, from Postman, go to Headers, then put Authorization = Token youraccesskey
which in your case is Authorization = Token ef057......
Hope it helps

Django - No CSRF error for posts without token

I'm using Django to host a React application. I added the CSRF protection middleware in Django. I tried testing it by sending an HTTP POST with Postman, without the x-csrftoken in the header. To my surprise, I did not get a 403, but I was able to get data without the x-csrftoken. How is this possible?
Below you find my CSRF settings. My additional Django settings are very straightforward and include CORS.
...
# Cross Origin Resource Sharing Protection
CORS_ALLOWED_ORIGINS = [
    'http://127.0.0.1:3000',
]
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOW_CREDENTIALS = True
# Cross Site Request Forgery Protection
CSRF_TRUSTED_ORIGINS = []
MIDDLEWARE = [
    ...
    'django.middleware.csrf.CsrfViewMiddleware',
]
If you are using anything other than SessionAuthentication, CSRF will be disabled. In the docs.

Django MIDDLEWARE problem with RemoteUsers

My settings.py:
AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.RemoteUserBackend',
    'django.contrib.auth.backends.ModelBackend',
]
MIDDLEWARE = [
    # ...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.RemoteUserMiddleware',
    # ...
]
ModelBackend is used by the DRF Browsable API.
RemoteUserBackend is used by the frontend app.
If a user logs into the Browsable API, the frontend will send both the auth token and the session token. Both credentials are different Django users.
AUTHENTICATION_BACKENDS are supposed to work by order, but AuthenticationMiddleware goes first in MIDDLEWARE, it's mandatory.
A session-authenticated user gets wrong data in the frontend app. Django ignores remote user credentials. The user must log out from the browsable API.
How can I fix this?
Just for the record. I simply did a logout from the frontend at page load.

Django Rest Framework : Authentication credentials were not provided

Images in the current database have one piece of data.
But, I am currently experiencing the following error
"GET /images/all/ HTTP/1.1" 401 58"
"detail": "Authentication credentials were not provided."
My GitHub URL : https://github.com/Nomadcoders-Study/Nomadgram
Which part of the setup went wrong?
I saw your Github project settings.py file.
This error is because you are using the IsAuthenticated backend for all of your requests to REST APIs. Also, you set up a JWT authorization system:
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
}
So basically, if you want to create a request to any of your API endpoints, you should provide a JWT token authorization header in it, like this:
curl "<your api endpoint>" -H "Authorization: jwt <token_received>"
Also remember to set up an API to receive a token from it, by providing username and password in the serializer.
Try this in your settings file
settings.py
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated',),
    'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework_simplejwt.authentication.JWTAuthentication',),
}
You can add it to your project Settings rest_framework configuration
settings.py
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework.authentication.BasicAuthentication',),
}

django rest framework how to close Self describing APIs browsable

Like the image, I want to close The browsable API that REST framework provides.
Click to visit directly the JSON data.
In your settings.py file add following code in the section of REST_FRAMEWORK settings
'DEFAULT_RENDERER_CLASSES': (
    'rest_framework.renderers.JSONRenderer',
),
If you use BrowsableAPIRenderer, you will see the browsable API interface. JSONRenderer will show JSON data.