Token authentication does not work in production on django rest framework

I have this strange issue and I can't find why. I've built the API using Django 1.7 and Django REST framework, with token auth for API authentication. All works fine on localhost, but when I try to call an API endpoint which requires authentication on the production machine, I get a 403 status code along with the following message: {"detail":"Authentication credentials were not provided."}. What am I doing wrong?

I'm sending the token in the headers as per the documentation. Here's what my settings file looks like:

INSTALLED_APPS = (
    '......',
    'rest_framework',
    'rest_framework.authtoken',
    'rest_framework_swagger',
    'corsheaders',
    '......')

MIDDLEWARE_CLASSES = (
    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.admindocs.middleware.XViewMiddleware',
    'django.middleware.common.CommonMiddleware',
    'admin_reorder.middleware.ModelAdminReorder',
)

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny'
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ),
    'PAGINATE_BY_PARAM': 'page_size',
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'DEFAULT_FILTER_BACKENDS': ('rest_framework.filters.DjangoFilterBackend',),
    'VIEW_DESCRIPTION_FUNCTION': 'rest_framework_swagger.views.get_restructuredtext'
}

REST_SESSION_LOGIN = False
CORS_ORIGIN_ALLOW_ALL = True
jabez asked May 10 '15 13:05


1 Answer

For me, the problem was that Apache didn't forward the Authorization header to the WSGI process. Here's the fix:

Just add

WSGIPassAuthorization on

to your Apache (vhost) config.

trnc answered Oct 07 '22 01:10
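
To confirm that the header is being dropped before it reaches Django, the following added example (not part of the original answer) is a small WSGI diagnostic that reports whether `HTTP_AUTHORIZATION` arrived and whether it has the `Token <key>` shape that `TokenAuthentication` expects, without echoing the token. The function name, the verdict strings and the sample token are hypothetical.

```python
import json

EXPECTED_SCHEME = "token"  # keyword DRF's TokenAuthentication looks for


def diagnose_authorization(environ):
    """Describe the Authorization header as the WSGI process received it.

    Only the shape is reported (scheme, credential length); the token
    itself is never returned, so the output is safe to log.
    """
    parts = environ.get("HTTP_AUTHORIZATION", "").split()
    report = {"header_present": bool(parts), "scheme": None,
              "credential_length": 0}
    if not parts:
        # What the application sees when Apache/mod_wsgi drops the header
        # (WSGIPassAuthorization unset) or the client never sent it.
        report["verdict"] = "stripped_or_not_sent"
        return report
    report["scheme"] = parts[0]
    if parts[0].lower() != EXPECTED_SCHEME:
        report["verdict"] = "wrong_scheme"
    elif len(parts) == 1:
        report["verdict"] = "no_credentials"
    elif len(parts) > 2:
        report["verdict"] = "spaces_in_token"
    else:
        report["credential_length"] = len(parts[1])
        report["verdict"] = "ok"
    return report


def application(environ, start_response):
    """Minimal WSGI entry point: returns the diagnosis as JSON."""
    body = json.dumps(diagnose_authorization(environ)).encode("utf-8")
    start_response("200 OK", [("Content-Type", "application/json"),
                              ("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    # Constructed sample environs; the token value is a placeholder.
    for env in ({}, {"HTTP_AUTHORIZATION": "Token PLACEHOLDER0123"}):
        print(diagnose_authorization(env))
```

Mounted temporarily under the same Apache vhost and requested with the same header, a `stripped_or_not_sent` verdict before adding `WSGIPassAuthorization on` and `ok` afterwards confirms the cause described in the answer.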