[英]Determining IsAuthenticated in DRF Using DRF-JWT to retrieve a list testing with Postman
So I'm using DRF JWT
for my authentication. 因此,我正在使用
DRF JWT
进行身份验证。 User submits credentials, and if valid, responds with a JWT that is stored in sessionStorage
. 用户提交凭据,如果有效,则使用存储在
sessionStorage
的JWT进行响应。 Any time the user navigates the protected routes, the JWT /api/auth/refresh
to refresh the token if it is still valid. 每当用户浏览受保护的路由时,JWT
/api/auth/refresh
刷新令牌(如果该令牌仍然有效)。
Anyway, moving on from authentication and onto protected routes where data is retrieved based on if the user is IsAuthenticated
according to DRF. 无论如何,从身份验证转移到受保护的路由,根据用户是否根据DRF进行了
IsAuthenticated
来检索数据。 The problem is I am having difficulty figuring out how to determine IsAuthenticated
in DRF without having the user supply credentials again. 问题是我很难弄清楚如何在DRF中确定
IsAuthenticated
而不让用户再次提供凭据。 I should mention right now I am testing with Postman. 我现在应该提一下,我正在与Postman进行测试。
API URL: API网址:
/api/help/questions
I have the view as: 我认为是:
class GetQuestionsAPIView(ListAPIView):
queryset = Help.objects.all()
serializer_class = GetQuestionsSerializer
permission_classes = [IsAuthenticated,]
The serializer is: 序列化器是:
class GetQuestionsSerializer(ModelSerializer):
class Meta:
model = Help
fields = '__all__'
def validate(self, data):
return data
I have a valid token from /api/auth/signin/
. 我有来自
/api/auth/signin/
的有效令牌。 I'm trying to pass it on to the /api/help/questions/
route to retrieve the list of questions. 我正在尝试将其传递给
/api/help/questions/
路由以检索问题列表。
GET /api/help/questions/
doesn't work because it wants credentials. GET /api/help/questions/
不起作用,因为它需要凭据。 Authentication credentials were not provided.
GET /api/help/questions/
with Content-type: application/json
and 'Authorization and the token in the header also says
Authentication credentials were not provided.` GET /api/help/questions/
具有Content-type: application/json
和'Authorization, and the token in the header also says
未提供身份验证凭据。
Thought maybe it should be POST
since I submitting credentials and expecting the questions as the server response if authentication is valid, but pretty much the same results. 我认为可能应该是
POST
因为我提交了凭据,并且如果身份验证有效,则期望这些问题作为服务器响应,但结果几乎相同。
I'm obviously not the most knowledgeable on this subject, so any help would be appreciated. 我显然不是最了解此主题的人,因此将不胜感激。
Did you put your token into Authorization header? 您是否将令牌放入授权标头中? So after you login, you get a token and you should put it inside the headers on the request for your protected url like this:
因此,登录后,您将获得一个令牌,应将其放在请求受保护网址的标头中,如下所示:
Authorization: JWT <your_token>
Here's a sample using curl
: 这是使用
curl
的示例:
curl -H "Authorization: JWT <your_token>" http://localhost:8000/protected-url/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.