I have a DRF API and I have implemented the simplejwt authentication system. It works well. It is useful when I want to connect to my API from an external script (I don't need to store credentials and just use the token).
However, I also want to be able to use the DRF interface login when I reach my API from the browser, so I have also implemented Basic and SessionAuthentication. Is this a good way to do that?
In my settings.py:

    from datetime import timedelta

    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': [
            'rest_framework_simplejwt.authentication.JWTAuthentication',
            'rest_framework.authentication.BasicAuthentication',
            'rest_framework.authentication.SessionAuthentication',
        ]
    }

    SIMPLE_JWT = {
        'ACCESS_TOKEN_LIFETIME': timedelta(days=1),
    }

In my API views.py:

    from rest_framework.permissions import IsAuthenticated
    from rest_framework.authentication import SessionAuthentication, BasicAuthentication
    from rest_framework.decorators import api_view, permission_classes, authentication_classes
    from rest_framework.response import Response

    # Module paths below are assumed; adjust to where the model and serializer live
    from .models import Mesure
    from .serializers import MesureSerializer

    # Create your views here.
    @api_view(['GET'])
    #@authentication_classes([SessionAuthentication, BasicAuthentication])
    @permission_classes([IsAuthenticated])
    def get_all(request):
        # as a token is used, the user with this token is known in the request
        user = request.user
        # show only mesures of the user having the token provided
        mesures = Mesure.objects.filter(user_id=user.id)
        serializer = MesureSerializer(mesures, many=True)
        return Response(serializer.data)

In my urls.py:

    from django.urls import include, path
    from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView

    from . import views

    urlpatterns = [
        path('mesures/', views.get_all),
        path('mesure-add/', views.add_mesure),
        path('token/', TokenObtainPairView.as_view(), name='obtain_tokens'),
        path('token/refresh/', TokenRefreshView.as_view(), name='refresh_token'),
        path('api-auth/', include('rest_framework.urls')),
    ]

As you can see, I had to comment out the @authentication_classes decorator to make it work with both token and login. Do you believe this is a good way to proceed?
You should be fine with this because as per the DRF documentation -
Source: Authenticating with the API
Ref: Line 109: rest_framework/views.py and Line 40: rest_framework/settings.py
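
Added example (not part of the original post, and not DRF's own source): a simplified pure-Python model of how the authenticator list is resolved for a view, showing why re-enabling the commented-out decorator locks out token clients. The credential tables and the function names `jwt_auth`, `basic_auth`, `session_auth`, `authenticate` and `is_allowed` are constructed stand-ins for the three classes in the settings above.

```python
import base64

class AuthenticationFailed(Exception):
    pass

USERS = {"alice": "s3cret"}            # constructed sample credentials
VALID_TOKENS = {"tok-alice": "alice"}  # stand-in for a verified JWT
SESSIONS = {"sess-1": "alice"}         # stand-in for Django's session store

def jwt_auth(request):
    header = request.get("Authorization", "")
    if not header.startswith("Bearer "):
        return None                    # not our scheme: let the next class try
    user = VALID_TOKENS.get(header[len("Bearer "):])
    if user is None:
        raise AuthenticationFailed("invalid token")
    return user

def basic_auth(request):
    header = request.get("Authorization", "")
    if not header.startswith("Basic "):
        return None
    name, _, password = base64.b64decode(header[6:]).decode().partition(":")
    if USERS.get(name) != password:
        raise AuthenticationFailed("invalid username/password")
    return name

def session_auth(request):
    return SESSIONS.get(request.get("sessionid"))  # None when not logged in

DEFAULT_AUTHENTICATION_CLASSES = [jwt_auth, basic_auth, session_auth]

def authenticate(request, view_classes=None):
    """Return the resolved user, or None if the request stays anonymous."""
    # A per-view list replaces the settings default; the two are not merged.
    classes = DEFAULT_AUTHENTICATION_CLASSES if view_classes is None else view_classes
    for authenticator in classes:
        user = authenticator(request)  # AuthenticationFailed stops the chain
        if user is not None:
            return user
    return None

def is_allowed(request, view_classes=None):
    """Model of IsAuthenticated: allow only when a user was resolved."""
    try:
        return authenticate(request, view_classes) is not None
    except AuthenticationFailed:
        return False
```

With the default list, a request carrying a valid session cookie but an invalid Bearer token is still rejected, because the failing token check stops the chain before the session is consulted.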