Django:身份验证凭据未提供错误,因为访问和刷新令牌被设置为HttpOnly Cookie而没有授权标头
我已经将Django:身份验证凭据未提供错误,因为访问和刷新令牌被设置为HttpOnly Cookie而没有授权标头,django,django-rest-framework,http-headers,django-rest-framework-simplejwt,cookie-httponly,Django,Django Rest Framework,Http Headers,Django Rest Framework Simplejwt,Cookie Httponly,我已经将SimpleJWTaccess和refresh令牌设置为HttpOnly cookies。因此,我认为我不再需要使用“Authorization”标题,所以我删除了它。现在,当我提出请求时,它显示: {"detail": "Authentication credentials were not provided."} 在这里,我想我需要在视图中将Authorization头设置为access令牌。到目前为止,我已经编写了这段代码,但它不起作用。我
SimpleJWT
access
和refresh
令牌设置为HttpOnly cookies。因此,我认为我不再需要使用“Authorization”标题,所以我删除了它。现在,当我提出请求时,它显示:
{"detail": "Authentication credentials were not provided."}
在这里,我想我需要在视图中将Authorization
头设置为access
令牌。到目前为止,我已经编写了这段代码,但它不起作用。我希望它将授权
头设置为请求并继续:
def list(self, request):
access = request.COOKIES.get('access')
request.META['Authorization'] = f"Bearer {access}"
print(request.META.get('Authorization'))
serializer = self.serializer_class(instance = self.request.user)
return Response(serializer.data)
如果请求不是来自客户端,我如何发送带有请求的
授权头?如下定义自定义JWT身份验证视图:
from rest_framework_simplejwt.authentication import JWTAuthentication
from django.conf import settings
class CustomAuthentication(JWTAuthentication):
def authenticate(self, request):
header = self.get_header(request)
if header is None:
raw_token = request.COOKIES.get(settings.SIMPLE_JWT['AUTH_COOKIE']) or None
else:
raw_token = self.get_raw_token(header)
if raw_token is None:
return None
validated_token = self.get_validated_token(raw_token)
return self.get_user(validated_token), validated_token
SIMPLE_JWT = {
........
'AUTH_COOKIE': 'access_token',
}
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'authentication.authenticate.CustomAuthentication',
),
}
这里给出自定义JWT令牌的路径:
设置。py:
from rest_framework_simplejwt.authentication import JWTAuthentication
from django.conf import settings
class CustomAuthentication(JWTAuthentication):
def authenticate(self, request):
header = self.get_header(request)
if header is None:
raw_token = request.COOKIES.get(settings.SIMPLE_JWT['AUTH_COOKIE']) or None
else:
raw_token = self.get_raw_token(header)
if raw_token is None:
return None
validated_token = self.get_validated_token(raw_token)
return self.get_user(validated_token), validated_token
SIMPLE_JWT = {
........
'AUTH_COOKIE': 'access_token',
}
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'authentication.authenticate.CustomAuthentication',
),
}
谢谢你的回答,但是,我使用中间件方法遵循了这个存储库,它是有效的:是的,但我的方法对这两种方法都有效。客户端可以强制发送JWT
token(在移动应用程序中很有用)或DRF通过httponly
cookie自动捕获令牌。