使用Django REST框架进行JWT身份验证

时间:2018-11-30 18:59:41

标签: django rest django-rest-framework jwt django-rest-framework-jwt

我在验证对Django REST端点的请求时遇到了一些麻烦。我有一个令牌认证URL,它指向rest_framework_jwt.views.obtain_jwt_token,例如:

;WITH explode(ID, ValueID, value) AS
(
  SELECT t1.ID, t1.ValueID, f.value
  FROM dbo.Table1 t1
  CROSS APPLY STRING_SPLIT(t1.ValueID, ',') AS f
)
SELECT x.ID, x.ValueID, STRING_AGG(t2.ValueDescription,',')
FROM explode AS x
INNER JOIN dbo.Table2 AS t2
ON x.value = t2.ValueID
GROUP BY x.ID, x.ValueID
ORDER BY x.ID;

其中CurrentUserView为:

urlpatterns = [
    path('token-auth/', obtain_jwt_token),
    path('verify-token/', verify_jwt_token),
    path('current_user/', CurrentUserView.as_view()),
]

如果我通过访问http://localhost/token-auth/在浏览器中创建令牌,则可以使用以下命令进行验证:

class CurrentUserView(APIView):
    def post(self, request):
        print(request.user)
        serializer = UserSerializer(request.user)
        return Response(serializer.data)

然而,调用http://localhost/current_user/的同一请求将返回400代码:

curl -X POST -H "Content-Type: application/json" -d '{"token":<MY_TOKEN>}' http://localhost/verify-token/

框架设置为:

curl -X POST -H "Content-Type: application/json" -d '{"token":<MY_TOKEN>}' http://localhost/current_user/

{"detail":"Authentication credentials were not provided."}

并且Django正在具有以下Dockerfile的容器中运行:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
}

1 个答案:

答案 0 :(得分:1)

您应该在请求中提供jwt令牌。这是示例:

curl -X POST -H "Content-Type: application/json" -H "Authorization: jwt <MY_TOKEN>" http://localhost/current_user/

您在数据部分错误地发送了令牌,而应该在授权标头中提供它。

相关问题
最新问题