"detail": "Authentication credentials were not provided." jwt drf

Делаю свой пет проект. Хочу сделать permissions, что бы только авторизированые пользователи могли манипулировать айтемами.

views.py

from .permissions import IsOnwerOrReadOnly


class CreateItemView(APIView):

   serializer_class = CreateItemSerializer
   permission_classes=[IsAuthenticatedOrReadOnly&IsOnwerOrReadOnly]
                           ...

permissions.py

from rest_framework import permissions


class IsOnwerOrReadOnly(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        return obj.owner == request.user

INSTALLED_APPS

REST_FRAMEWORK = {
    'DEFAULT_PARSER_CLASSES':[
        'rest_framework.parsers.JSONParser',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ],
}

AUTH_USER_MODEL = "auth_app.Users"

SIMPLE_JWT = {
    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=5),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
    "ROTATE_REFRESH_TOKENS": False,
    "BLACKLIST_AFTER_ROTATION": False,
    "UPDATE_LAST_LOGIN": False,

    "ALGORITHM": "HS256",
    "SIGNING_KEY": SECRET_KEY,
    "VERIFYING_KEY": "",
    "AUDIENCE": None,
    "ISSUER": None,
    "JSON_ENCODER": None,
    "JWK_URL": None,
    "LEEWAY": 0,

    "AUTH_HEADER_TYPES": ("Bearer",),
    "AUTH_HEADER_NAME": "HTTP_AUTHORIZATION",
    "USER_ID_FIELD": "id",
    "USER_ID_CLAIM": "user_id",
    "USER_AUTHENTICATION_RULE": "rest_framework_simplejwt.authentication.default_user_authentication_rule",

    "AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
    "TOKEN_TYPE_CLAIM": "token_type",
    "TOKEN_USER_CLASS": "rest_framework_simplejwt.models.TokenUser",

    "JTI_CLAIM": "jti",

    "SLIDING_TOKEN_REFRESH_EXP_CLAIM": "refresh_exp",
    "SLIDING_TOKEN_LIFETIME": timedelta(minutes=5),
    "SLIDING_TOKEN_REFRESH_LIFETIME": timedelta(days=1),

    "TOKEN_OBTAIN_SERIALIZER": "rest_framework_simplejwt.serializers.TokenObtainPairSerializer",
    "TOKEN_REFRESH_SERIALIZER": "rest_framework_simplejwt.serializers.TokenRefreshSerializer",
    "TOKEN_VERIFY_SERIALIZER": "rest_framework_simplejwt.serializers.TokenVerifySerializer",
    "TOKEN_BLACKLIST_SERIALIZER": "rest_framework_simplejwt.serializers.TokenBlacklistSerializer",
    "SLIDING_TOKEN_OBTAIN_SERIALIZER": "rest_framework_simplejwt.serializers.TokenObtainSlidingSerializer",
    "SLIDING_TOKEN_REFRESH_SERIALIZER": "rest_framework_simplejwt.serializers.TokenRefreshSlidingSerializer",
}

В постмане перед токеном добавлял Bearer, просто пишет что инвалид токен. Делал свой класс аутентификации, все равно не помогло.

Авторизация и айтемы сделаны в отдельных аппах.

Вернуться на верх

Последние вопросы и ответы

Create question with options from same endpoint

Django difference between aware datetimes across DST

can I use get_or_create() in django to assign a global variable?

Django Celery Beat SQS slow scheduling

Django Mongodb Backend not creating collections and indexes

How to aggregate hierarchical data efficiently in Django without causing N+1 queries?

Deploy Django and Nginx under subpath

Django transaction.atomic() on single operation prevents race conditions?

can't find xgettext or msguniq but gettext-base is installed

Encoding full payload and decoding in server in REST

"detail": "Authentication credentials were not provided." jwt drf

Последние вопросы и ответы

Рекомендуемые записи по теме