我正在尝试关注Django OAuth工具包的教程:https://django-oauth-toolkit.readthedocs.io/en/latest/tutorial/tutorial_03.html。说明如下更新de MIDDLEWARE:
MIDDLEWARE = (
'...',
# If you use SessionAuthenticationMiddleware, be sure it appears before OAuth2TokenMiddleware.
# SessionAuthenticationMiddleware is NOT required for using django-oauth-toolkit.
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'oauth2_provider.middleware.OAuth2TokenMiddleware',
'...',
)
然而,在我在Django 2.0.1中使用startproject生成的当前项目中,我看到SessionMiddleware和AuthenticationMiddleware,但没有SessionAuthenticationMiddleware:
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
# 'oauth2_provider.middleware.OAuth2TokenMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
我应该把OAuth2TokenMiddleware放在哪里?在注释掉的行中AuthenticationMiddleware之后?
答案 0 :(得分:1)
已删除SessionAuthenticationMiddleware类 - 在1.10中无条件启用了会话身份验证。
(见:https://docs.djangoproject.com/en/2.0/releases/2.0/#miscellaneous)
即。是的,它应该在AuthenticationMiddleware
之后