Django DRF JWT Authentication credentials were not provided on UpdateAPIView even for is_staff user

I'm implementing JWT authentication using Django REST Framework and djangorestframework-simplejwt in my project.

I have an endpoint for updating a category.

What I tried

  1. Verified that the JWT token is valid.

  2. Confirmed that the user has is_staff=True and is_superuser=True.

  3. Tried both PATCH and PUT methods.

Question

Why am I getting the error message:

Authentication credentials were not provided.

on this UpdateAPIView, even though JWT is configured and the user is admin?

Is there something specific about UpdateAPIView or the way permissions are checked that I might be missing?


Imports

from rest_framework import generics
from rest_framework.permissions import IsAdminUser
from drf_spectacular.utils import extend_schema
from .serializers import CategorySerializer
from .models import Category
from .limiter import AdminCategoryThrottle

View

@extend_schema(
    tags=["categories"],
    summary="Update category (admin only)",
    responses={201: CategorySerializer}
)
class UpdateCategoryView(generics.UpdateAPIView):
    """
    This endpoint allows an admin user to update a category.
    It is protected and only admin users can access it.
    """
    serializer_class = CategorySerializer
    permission_classes = [IsAdminUser]
    throttle_classes = [AdminCategoryThrottle]
    queryset = Category.objects.all()
    lookup_field = "slug"

Serializer

from rest_framework import serializers
from .models import Category

class CategorySerializer(serializers.ModelSerializer):
    class Meta:
        model = Category
        fields = ["name", "is_active"]
        read_only_fields = ["slug", "created_at", "updated_at"]

    def validate_name(self, value):
        if Category.objects.filter(name__iexact=value).exists():
            raise serializers.ValidationError("Category already exists.")
        return value

URL

path(
    "v1/category/<slug:slug>/update/", 
    UpdateCategoryView.as_view(), 
    name="update-category"
)

Problem

Even though my user has is_staff=True and is_superuser=True, when I make a PATCH or PUT request to the endpoint with a valid JWT token in the Authorization header:

Authorization: Bearer <access_token>

I get the response:

Authentication credentials were not provided.

Settings

I also added the following to my Django settings file:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
}

The error is not related to UpdateAPIView or admin permissions. Actually, the message "Authentication credentials were not provided" means DRF didn't authenticate the request at all, so permission checks never run.

The most common cause is that the request is not reaching JWTAuthentication. Authentication can fail if the Authorization header is missing, malformed or stripped. Or, during testing, the client doesn't send headers correctly, or maybe a reverse proxy is dropping the Authorization header. It would be helpful if you could share how the request is being made, along with the full request headers being sent.
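The missing, malformed and stripped-header cases from the answer above can be told apart at the WSGI layer. The following is an added example, not part of the original post and not simplejwt's own code. It assumes simplejwt's default settings (header read from `HTTP_AUTHORIZATION`, case-sensitive `Bearer` prefix); `diagnose_auth_header` and `AuthHeaderProbe` are hypothetical names.

```python
# Assumption: simplejwt defaults, i.e. the header arrives in the WSGI
# environ as HTTP_AUTHORIZATION and the only accepted prefix is "Bearer".
HEADER_KEY = "HTTP_AUTHORIZATION"
ACCEPTED_PREFIXES = ("Bearer",)


def diagnose_auth_header(environ):
    """Return a verdict for the Authorization header in a WSGI environ.

    "missing" and "wrong-prefix" are the cases in which the JWT
    authenticator declines without raising, so the request stays
    anonymous and DRF answers "credentials were not provided".
    "malformed" is rejected with a different, explicit error.
    """
    header = environ.get(HEADER_KEY)
    if header is None or not header.strip():
        return "missing"        # never sent, or stripped by a proxy
    parts = header.split()
    if parts[0] not in ACCEPTED_PREFIXES:
        return "wrong-prefix"   # e.g. "bearer", "Token", "JWT"
    if len(parts) != 2:
        return "malformed"      # prefix only, or extra spaces in the value
    return "token-present"      # token validation happens after this point


class AuthHeaderProbe:
    """Hypothetical WSGI middleware: records the verdict, never the token."""

    def __init__(self, app, sink):
        self.app = app
        self.sink = sink  # any callable taking one string, e.g. logger.info

    def __call__(self, environ, start_response):
        verdict = diagnose_auth_header(environ)
        method = environ.get("REQUEST_METHOD")
        path = environ.get("PATH_INFO")
        self.sink(f"{method} {path} auth={verdict}")
        return self.app(environ, start_response)
```

Wrapping the WSGI application object with `AuthHeaderProbe` on the server behind the proxy shows whether the header survives the hop, without writing the token to the logs.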
