JWT 注销“详细信息”:“未提供身份验证凭据。”
[英]JWT Logout “detail”: “Authentication credentials were not provided.”
问题描述
I am trying to create a Logout endpoint for a jwt token in djangorestframework.
我正在尝试为 djangorestframework 中的 jwt 令牌创建一个注销端点。 When I access this endpoint via postman, I get "detail": "Authentication credentials were not provided."当我通过 postman 访问此端点时,我得到"detail": "Authentication credentials were not provided." What am I missing here?我在这里想念什么?
- Am I supposed to create a serializer that has a field for the refresh token and add it to the view?我是否应该创建一个包含刷新令牌字段的序列化程序并将其添加到视图中?
- Am I parsing the data corretly in postman?我是否正确解析了 postman 中的数据?
views.py视图.py
from rest_framework.permissions import IsAuthenticated
from rest_framework_simplejwt.tokens import RefreshToken
class LogoutView(APIView):
permission_classes = (IsAuthenticated,)
def post(self, request):
try:
refresh_token = request.data["refresh_token"]
token = RefreshToken(refresh_token)
token.blacklist()
return Response(status=status.HTTP_205_RESET_CONTENT)
except Exception as e:
return Response(status=status.HTTP_400_BAD_REQUEST)
urls.py网址.py
from accounts.views.user_api_views import (
LogoutView,
LogoutAllView,
)
urlpatterns = [
path("auth/", include("djoser.urls")),
path("auth/", include("djoser.urls.jwt")),
path("auth/token/", ObtainCustomizedTokenView.as_view(), name="token_obtain_pair"),
path(
"auth/token/refresh/",
jwt_views.TokenRefreshView.as_view(),
name="token_refresh",
),
path("logout/", LogoutView.as_view(), name="logout"),
path("logout_all/", LogoutAllView.as_view(), name="logout_all"),
]
settings.py设置.py
INSTALLED_APPS = [
...
# local apps
# 3rd party
"storages",
"rest_framework",
"rest_framework_gis",
"rest_framework.authtoken",
"djoser",
"django_celery_beat",
"raven.contrib.django.raven_compat",
"rest_framework_simplejwt.token_blacklist",
]
......
SIMPLE_JWT = {
"ACCESS_TOKEN_LIFETIME": timedelta(weeks=521), # 10 years
"REFRESH_TOKEN_LIFETIME": timedelta(weeks=521),
"ROTATE_REFRESH_TOKENS": True,
"BLACKLIST_AFTER_ROTATION": True,
"ALGORITHM": "HS256",
"SIGNING_KEY": SECRET_KEY,
"VERIFYING_KEY": None,
"AUTH_HEADER_TYPES": ("JWT",),
"USER_ID_FIELD": "id",
"USER_ID_CLAIM": "user_id",
"AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
"TOKEN_TYPE_CLAIM": "token_type",
}
......
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": (
"rest_framework_simplejwt.authentication.JWTAuthentication",
),
"DEFAULT_PARSER_CLASSES": [
"rest_framework.parsers.JSONParser",
"rest_framework.parsers.FormParser",
"rest_framework.parsers.MultiPartParser",
],
"DEFAULT_PERMISSIONS_CLASSES": ("rest_framework.permissions.IsAuthenticated"),
}
Image from Postman图片来自 Postman
1 个解决方案
解决方案1
0 已采纳 2021-03-22 08:09:33
I solved this by removing the setting "AUTH_HEADER_TYPES": ("JWT",) from SIMPLE_JWT settings.我通过从 SIMPLE_JWT 设置中删除设置"AUTH_HEADER_TYPES": ("JWT",)解决了这个问题。 My settings modified settings file is as follows:我的设置修改设置文件如下:
SIMPLE_JWT = {
"ACCESS_TOKEN_LIFETIME": timedelta(weeks=521), # 10 years
"REFRESH_TOKEN_LIFETIME": timedelta(weeks=521),
"ROTATE_REFRESH_TOKENS": True,
"BLACKLIST_AFTER_ROTATION": True,
"ALGORITHM": "HS256",
"SIGNING_KEY": SECRET_KEY,
"VERIFYING_KEY": None,
"USER_ID_FIELD": "id",
"USER_ID_CLAIM": "user_id",
"AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
"TOKEN_TYPE_CLAIM": "token_type",
}
Alternatively, adding Bearer to the list of "AUTH_HEADER_TYPES": ("JWT","Bearer") also worked.或者,将 Bearer 添加到"AUTH_HEADER_TYPES": ("JWT","Bearer")列表中也可以。 When choosing the authorization type in postman, It gives you the option of Bearer Token .在 postman 中选择授权类型时,它为您提供Bearer Token选项。 This means that, the view will look for a header containing the pattern Authorization: Bearer <token> .这意味着,视图将查找包含模式Authorization: Bearer <token>的 header 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.