I have successfully set up TokenAuthentication and generated tokens which are successfully received by the user upon authentication. Unfortunately I am unable to send the token to the API without error (DRF TokenAuthentication). The token is hardcoded for test and I'm running with Django's runserver. I see from the response that only POST and OPTIONS are allowed, but I can curl without any problems:
curl -X GET http://127.0.0.1:8000/api-token-auth -H 'Authorization: Token a83ff8dabb7fc7b800d381fd3994dfe2051cc0c2'
The implementation
controller/Login.js:
reSignInCommand: function (aToken) {
    var me = this;
    Ext.Ajax.request({
        url: 'http://127.0.0.1:8000/api-token-auth/',
        method: 'GET',
        disableCaching: false,
        timeout: 10000,
        useDefaultXhrHeader: false,
        // Token is hardcoded for the test
        headers: {
            'Authorization': 'Token a83ff8dabb7fc7b800d381fd3994dfe2051cc0c2'
        },
        success: function (response) {
            console.log("success");
        },
        failure: function (response) {
            console.log("failure");
        }
    });
}
api/urls.py:
from django.conf.urls import patterns, url, include
urlpatterns += patterns('',
url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token'),
)
Debug:
Request URL:http://127.0.0.1:8000/api-token-auth/
Request Method:GET
Status Code:405 METHOD NOT ALLOWED
Request headers:
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:da,zh;q=0.8,de;q=0.6,en;q=0.4
Authorization:Token a83ff8dabb7fc7b800d381fd3994dfe2051cc0c2
Cache-Control:no-cache
Connection:keep-alive
Host:127.0.0.1:8000
Origin:http://127.0.0.1
Pragma:no-cache
Referer:http://127.0.0.1/sencha/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Response headers:
HTTP/1.0 405 METHOD NOT ALLOWED
Date: Fri, 20 Dec 2013 10:19:50 GMT
Server: WSGIServer/0.1 Python/2.7.5
Vary: Accept, Cookie
Access-Control-Allow-Origin: *
Content-Type: application/json
X-Frame-Options: SAMEORIGIN
Allow: POST, OPTIONS
TokenAuthentication. Note: The token authentication provided by Django REST framework is a fairly simple implementation. For an implementation which allows more than one token per user, has some tighter security implementation details, and supports token expiry, please see the Django REST Knox third party package.
Basic Authentication in Django REST Framework uses HTTP Basic Authentication. It is generally appropriate for testing. The REST framework will attempt to authenticate the Basic Authentication class and set the returned values to request.user and request.
Token authentication refers to exchanging a username and password for a token that will be used in all subsequent requests to identify the user on the server side.
The curl response is the same as the AJAX response. The curl response returned a 301 status code instead of 405 because you used a different URL (which had no trailing slash).
The problem is that you can only POST to the /api-token-auth/ URL; the GET method is not implemented.
As the Django REST framework API token authentication docs say, the use-case is this:
username and password to /api-token-auth/ - to obtain an authentication token.
Authentication is always run at the very start of the view, before the permission and throttling checks occur, and before any other code is allowed to proceed.
You do not have to verify the token, because it's done for you. If the token provided in the HTTP header is valid, the request will have extra objects:
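Added example (not part of the original question or answer, and not Django REST framework's own code): a standard-library model of the flow described above, showing that the login URL refuses GET with 405 even when a token header is present, while the token returned by POST is what a protected endpoint checks. The account, the `protected_view` name and the response messages are constructed for illustration.

```python
import hmac
import secrets

# Constructed demo data: one account; tokens are minted at login.
USERS = {"alice": "correct horse"}
TOKENS = {}  # token key -> username
ALLOW = {"Allow": "POST, OPTIONS"}

def token_from_header(headers):
    """Return the key from 'Authorization: Token <key>', or None if absent or malformed."""
    parts = headers.get("Authorization", "").split()
    if len(parts) != 2 or parts[0].lower() != "token":
        return None
    return parts[1]

def obtain_auth_token(method, headers=None, data=None):
    """Model of the login URL: only POST (credentials in the body) is implemented."""
    if method == "OPTIONS":
        return 200, ALLOW, {}
    if method != "POST":
        # An Authorization header changes nothing here: the method itself is refused.
        return 405, ALLOW, {"detail": "method not allowed"}
    data = data or {}
    expected = USERS.get(data.get("username"))
    supplied = str(data.get("password", ""))
    # Constant-time comparison of the stored and supplied password.
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 400, {}, {"detail": "unable to log in"}
    key = secrets.token_hex(20)  # 40 hex characters, same shape as the token on the page
    TOKENS[key] = data["username"]
    return 200, {}, {"token": key}

def protected_view(method, headers=None, data=None):
    """Model of any other API endpoint: the token is checked before the view body runs."""
    user = TOKENS.get(token_from_header(headers or {}))
    if user is None:
        return 401, {"WWW-Authenticate": "Token"}, {"detail": "invalid or missing token"}
    return 200, {}, {"user": user}
```
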