Warning: file_get_contents(/data/phpspider/zhask/data//catemap/3/html/83.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Django:身份验证凭据未提供错误,因为访问和刷新令牌被设置为HttpOnly Cookie而没有授权标头_Django_Django Rest Framework_Http Headers_Django Rest Framework Simplejwt_Cookie Httponly - Fatal编程技术网
Fatal编程技术网
  • django/
  • Django:身份验证凭据未提供错误,因为访问和刷新令牌被设置为HttpOnly Cookie而没有授权标头

Django:身份验证凭据未提供错误,因为访问和刷新令牌被设置为HttpOnly Cookie而没有授权标头

django django-rest-framework

Django:身份验证凭据未提供错误,因为访问和刷新令牌被设置为HttpOnly Cookie而没有授权标头,django,django-rest-framework,http-headers,django-rest-framework-simplejwt,cookie-httponly,Django,Django Rest Framework,Http Headers,Django Rest Framework Simplejwt,Cookie Httponly,我已经将SimpleJWTaccess和refresh令牌设置为HttpOnly cookies。因此,我认为我不再需要使用“Authorization”标题,所以我删除了它。现在,当我提出请求时,它显示: {"detail": "Authentication credentials were not provided."} 在这里,我想我需要在视图中将Authorization头设置为access令牌。到目前为止,我已经编写了这段代码,但它不起作用。我

我已经将
SimpleJWT
access
refresh
令牌设置为HttpOnly cookies。因此,我认为我不再需要使用“Authorization”标题,所以我删除了它。现在,当我提出请求时,它显示:

{"detail": "Authentication credentials were not provided."}
在这里,我想我需要在视图中将
Authorization
头设置为
access
令牌。到目前为止,我已经编写了这段代码,但它不起作用。我希望它将
授权
头设置为请求并继续:

def list(self, request):
    access = request.COOKIES.get('access')
    request.META['Authorization'] = f"Bearer {access}"
    print(request.META.get('Authorization'))
    serializer = self.serializer_class(instance = self.request.user) 
    return Response(serializer.data)
如果请求不是来自客户端,我如何发送带有请求的
授权
头?
如下定义自定义JWT身份验证视图:


from rest_framework_simplejwt.authentication import JWTAuthentication
from django.conf import settings


class CustomAuthentication(JWTAuthentication):
    
    def authenticate(self, request):
        header = self.get_header(request)
        
        if header is None:
            raw_token = request.COOKIES.get(settings.SIMPLE_JWT['AUTH_COOKIE']) or None
        else:
            raw_token = self.get_raw_token(header)
        if raw_token is None:
            return None

        validated_token = self.get_validated_token(raw_token)

        return self.get_user(validated_token), validated_token



SIMPLE_JWT = {
........
'AUTH_COOKIE': 'access_token',
}
    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'authentication.authenticate.CustomAuthentication',
        ),
    }


这里给出自定义JWT令牌的路径:

设置。py:


from rest_framework_simplejwt.authentication import JWTAuthentication
from django.conf import settings


class CustomAuthentication(JWTAuthentication):
    
    def authenticate(self, request):
        header = self.get_header(request)
        
        if header is None:
            raw_token = request.COOKIES.get(settings.SIMPLE_JWT['AUTH_COOKIE']) or None
        else:
            raw_token = self.get_raw_token(header)
        if raw_token is None:
            return None

        validated_token = self.get_validated_token(raw_token)

        return self.get_user(validated_token), validated_token



SIMPLE_JWT = {
........
'AUTH_COOKIE': 'access_token',
}
    REST_FRAMEWORK = {
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'authentication.authenticate.CustomAuthentication',
        ),
    }



谢谢你的回答,但是,我使用中间件方法遵循了这个存储库,它是有效的:是的,但我的方法对这两种方法都有效。客户端可以强制发送
JWT
token(在移动应用程序中很有用)或DRF通过
httponly
cookie自动捕获令牌。