
Determining IsAuthenticated in DRF Using DRF-JWT to retrieve a list testing with Postman

So I'm using DRF JWT for my authentication. User submits credentials, and if valid, responds with a JWT that is stored in sessionStorage. Any time the user navigates the protected routes, the JWT /api/auth/refresh to refresh the token if it is still valid.

Anyway, moving on from authentication and onto protected routes where data is retrieved based on if the user is IsAuthenticated according to DRF. The problem is I am having difficulty figuring out how to determine IsAuthenticated in DRF without having the user supply credentials again. I should mention right now I am testing with Postman.

API URL:

/api/help/questions

I have the view as:

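from rest_framework.generics import ListAPIView
from rest_framework.permissions import IsAuthenticated

class GetQuestionsAPIView(ListAPIView):
    queryset = Help.objects.all()
    serializer_class = GetQuestionsSerializer
    # Only authenticated requests may list the questions
    permission_classes = [IsAuthenticated,]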

The serializer is:

from rest_framework.serializers import ModelSerializer

class GetQuestionsSerializer(ModelSerializer):

    class Meta:
        model = Help
        fields = '__all__'

    def validate(self, data):
        return data

I have a valid token from /api/auth/signin/. I'm trying to pass it on to the /api/help/questions/ route to retrieve the list of questions.

GET /api/help/questions/ doesn't work because it wants credentials. Authentication credentials were not provided.

GET /api/help/questions/ with Content-type: application/json and Authorization and the token in the header also says Authentication credentials were not provided.

Thought maybe it should be POST since I am submitting credentials and expecting the questions as the server response if authentication is valid, but pretty much the same results.

I'm obviously not the most knowledgeable on this subject, so any help would be appreciated.

Did you put your token into the Authorization header? So after you log in, you get a token and you should put it inside the headers on the request for your protected url like this:

Authorization: JWT <your_token>

Here's a sample using curl:

curl -H "Authorization: JWT <your_token>" http://localhost:8000/protected-url/
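
A header check for debugging this symptom from the client side, added here as an example and not code from the question, the answer, DRF or DRF-JWT. It assumes the server accepts only the JWT prefix shown in the answer; diagnose_authorization, sample_token and the token they produce are hypothetical and constructed for illustration.

```python
import base64
import json
import time

EXPECTED_PREFIX = "JWT"  # scheme from the answer; assumed to be what the server expects


def sample_token(exp):
    """Constructed sample token with a placeholder signature (not a real credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc({"user_id": 1, "exp": exp}), "c2ln"])


def diagnose_authorization(header, now=None):
    """Hypothetical debugging helper: classify an Authorization header value.
    It never verifies the signature, so it must not be used to grant access."""
    now = time.time() if now is None else now
    if not header or not header.strip():
        return "missing: no header, request is anonymous"
    parts = header.split()
    if parts[0].lower() != EXPECTED_PREFIX.lower():
        return "wrong-scheme: first word is not the expected prefix, token is ignored"
    if len(parts) == 1:
        return "no-token: prefix present but nothing after it"
    if len(parts) > 2:
        return "malformed: token must not contain spaces"
    segments = parts[1].split(".")
    if len(segments) != 3:
        return "malformed: a JWT has three dot-separated segments"
    try:
        payload = segments[1] + "=" * (-len(segments[1]) % 4)  # restore padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
        exp = claims["exp"] if isinstance(claims, dict) and "exp" in claims else None
    except ValueError:
        return "malformed: payload is not base64url-encoded JSON"
    if isinstance(exp, (int, float)) and exp <= now:
        return "expired: exp claim is in the past"
    return "well-formed: the server must still verify the signature"


if __name__ == "__main__":
    token = sample_token(exp=2000)
    for value in (None, token, "Bearer " + token, "JWT", "JWT " + token):
        print(repr(value)[:30], "->", diagnose_authorization(value, now=1000))
```

Pasting the exact value of the Authorization header from Postman into diagnose_authorization shows whether the request fails because of the prefix, the token shape or the expiry before looking at server settings.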
