Django Rest 框架 + React JWT 身份验证,403 禁止在受保护的视图上
[英]Django Rest Framework + React JWT authentication, 403 Forbidden on protected views
问题描述
I'm trying to make a CRUD website with DRF + react, i've somewhat followed this tutorial for authentication
我正在尝试使用 DRF + react 制作一个 CRUD 网站,我在某种程度上遵循了本教程进行身份验证
https://hackernoon.com/110percent-complete-jwt-authentication-with-django-and-react-2020-iejq34ta (with some differences since i'm using DRF and React completely separatedly) https://hackernoon.com/110percent-complete-jwt-authentication-with-django-and-react-2020-iejq34ta (有一些差异,因为我完全分开使用 DRF 和 React)
authentication is fine, i can already login, logout and signup, however any view that requires the permission "IsAuthenticated" gets me a 403 Forbidden, i've tried to also get the data through postman using the headers: Accept: application/json Authorization: JWT "myaccesstoken" but i also get a 403 with "detail": "You do not have permission to perform this action."身份验证很好,我已经可以登录、注销和注册,但是任何需要“IsAuthenticated”权限的视图都会给我一个 403 Forbidden,我也尝试使用标题通过 postman 获取数据:Accept: application/json Authorization :JWT“myaccesstoken”,但我也收到带有“详细信息”的 403:“您无权执行此操作。”
Here's some of the code这是一些代码
Settings.py
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication', (#I've already tried commenting out basic and session auth)
)
}
SIMPLE_JWT = {
'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
'REFRESH_TOKEN_LIFETIME': timedelta(days=14),
'ROTATE_REFRESH_TOKENS': True,
'BLACKLIST_AFTER_ROTATION': True,
'ALGORITHM': 'HS256',
'SIGNING_KEY': SECRET_KEY,
'VERIFYING_KEY': None,
'AUTH_HEADER_TYPES': ('JWT ',),
'USER_ID_FIELD': 'username',
'USER_ID_CLAIM': 'user_id',
'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
'TOKEN_TYPE_CLAIM': 'token_type',
}
CORS_ORIGIN_ALLOW_ALL = True
And the protected view和受保护的视图
views.py
class PostList(generics.ListCreateAPIView):
permission_classes = (IsAuthenticated,) (#I've tried with or without this)
authentication_classes = () (# if i take this out i get a 401 insteand of a 403)
queryset = Post.objects.all()
serializer_class = PostSerializer
I'm not showing any of the react code since i think the problem is in the DRF part since i can't make the GET request succesfully on PostMan either, if i change the settings to AllowAny i can make the GET requests in both places just fine我没有显示任何反应代码,因为我认为问题出在 DRF 部分,因为我也无法在 PostMan 上成功发出 GET 请求,如果我将设置更改为 AllowAny,我可以在这两个地方发出 GET 请求正好
1 个解决方案
解决方案1
2 2020-08-30 10:54:32
I have the same problem.我也有同样的问题。 It seems that REST_FRAMEWORK settings, for default authentication (specifically rest_framework_simplejwt) does not work.似乎用于默认身份验证的 REST_FRAMEWORK 设置(特别是 rest_framework_simplejwt)不起作用。 I don't know why...我不知道为什么...
Try to directly import JWTAuthentication class in your authentication_classes tuple like:尝试在您的 authentication_classes 元组中直接导入 JWTAuthentication class ,例如:
from rest_framework_simplejwt.authentication import JWTAuthentication
class PostList(generics.ListCreateAPIView):
permission_classes = (IsAuthenticated,)
authentication_classes = (JWTAuthentication)
queryset = Post.objects.all()
serializer_class = PostSerializer
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.