378 questions
1 vote, 2 answers, 104 views
Upgrading Django to 5.2.7 causing error with rest_framework_simplejwt as django.utils.timezone is depreciated
I am upgrading my Django project to v5.2.7.
After installing requirements.txt with the upgraded versions of all libraries, I ran the command to validate the code
python manage.py check
But it is ...
0 votes, 2 answers, 182 views
How to secure a refresh token in a JWT system when it's sent as an httpOnly cookie
In my React + Django project, I’m currently sending the refresh token as an HttpOnly cookie. The problem with HttpOnly cookies is that they are automatically sent by the browser, which makes them ...
0 votes, 0 answers, 50 views
How is JWT protected from XSS? And why not use IP with the JWT hash?
I am creating my 1st django-react application, but I got stuck on the login process.
Currently I am using simplejwt; while I can keep the access token inside React state, the refresh token has to be ...
0 votes, 0 answers, 48 views
Django REST Framework, how to securely log out?
The classic issue of browser cache and back navigation button.
How can I make all necessary actions in the backend so that the client can successfully log out?
I have implemented simplejwt token to http cookies, ...
0 votes, 1 answer, 142 views
Is this djoser implementation secure?
This question may be too broad for StackOverflow, but I'm not sure where else to go for help.
I wrote a simple authentication system in Django with Djoser and its JWT implementation, using jQuery on ...
0 votes, 0 answers, 86 views
SimpleJWT: Re-apply Blacklist Token Migration: "Table 'token_blacklist_blacklistedtoken' doesn't exist"
I have, rather sillily, run "python manage.py migrate --fake" when I added Django SimpleJWT's token blacklist functionality to my program. This means whenever I try to generate tokens or use ...
1 vote, 0 answers, 26 views
Can you handle all client interactions within a server action in Next.js? How do I get cookie authentication working?
Context
I am using django-rest-framework with simple-jwt authentication configured with a NextJS/React frontend, and when making a request to my django server from a react server component, I realised ...
1 vote, 0 answers, 69 views
Django Framework CSRF verification failed with 403 Forbidden error. Request aborted for non-HTML python script
I am using Django Framework with DRF to generate APIs at the backend. I am using a Python script as a standalone Windows-based application to retrieve and send data to the backend server which is ...
1 vote, 2 answers, 799 views
Unauthorized response to POST request in Django Rest Framework with Simple JWT
I am doing a project with REST API and Django Rest Framework. I currently have an issue in my post request where some of my endpoints return HTTP 401 Unauthorized, though all other get or update ...
-1 votes, 3 answers, 89 views
Call API with special character in URL
I have tried to call an API from the FE; the API is: http://localhost/search?userName=...
get(endpoint: string, responseType = 'json', params: HttpParams = null): Observable<any> {
let url = this....
-1 votes, 1 answer, 702 views
I'm using simple JWT for authentication in a DRF project. When I try to access that API, it shows bad_authorization_header
I am using simple jwt for my django rest framework project. I tried accessing using barrier token in postman; it shows this error
{
"detail": "Authorization header must contain two ...
0 votes, 0 answers, 79 views
Authentication method for Django rest framework to mitigate XSS and CSRF attacks
I am using the Django Rest Framework for my backend and React for my front, and they are served in different domains and subdomains, and now I am completely confused about what I should do to secure ...
0 votes, 1 answer, 43 views
Error while trying to connect Django With ReactNative
I am building a React Native app with Django as the backend. I have set up the login screen in React Native and configured JWT authentication with rest_framework_simplejwt in Django. However, I ...
0 votes, 0 answers, 26 views
How to implement a mobile_no to be passed in order to access tokens and not the default username and password
I'm not using password; by default simplejwt requires a default user so it prompts me for username, password and mobile_no, but I only want to use mobile no.
I tried to override the ...
0 votes, 2 answers, 159 views
How to customize the message for inactive user in Djoser?
I am working on a Django project and I am using Djoser as my auth library. However, when a user is trying to create a jwt token it returns
{
"detail": "No active account found with ...
0 votes, 3 answers, 1k views
How to Store JWT Token for SSR in Next.js 14 Without Using localStorage?
I am facing an issue with storing a JWT token in Next.js 14. I want to load a page using SSR, but localStorage is not supported in server-side components. My scenario is as follows: after logging in, ...
0 votes, 1 answer, 49 views
In django DRF using JWT, why does postman properly block access to some views but they are available from my Angular front-end without authentication?
I’m trying to restrict access to some views of my API using Django Rest Framework and simpleJWT https://django-rest-framework-simplejwt.readthedocs.io/
The issue I’m facing is that postman correctly ...
0 votes, 2 answers, 244 views
"detail": "Authentication credentials were not provided." when trying to access list view as admin. Django REST framework
I have this simple view I built using Django REST framework:
class ProductListCreateAPIView(
        StaffEditorPermissionMixin,
        generics.ListCreateAPIView):
    queryset = Product.objects....
0 votes, 0 answers, 40 views
NoReverseMatch at /api/login/social/jwt-pair/
I was following the documentation on drf social auth https://github.com/st4lk/django-rest-social-auth/tree/master
I've encountered an issue while working with Django-Rest-Social-Auth and Simple-JWT. ...
1 vote, 2 answers, 506 views
Overriding DRF settings for tests
I'm using Python 3.9, Django 3.2, DRF 3.12.4. I'm adding JWT authentication method using simple JWT. To test my auth method, I need to set
"DEFAULT_AUTHENTICATION_CLASSES": (
"...
0 votes, 2 answers, 235 views
How to customize the default Token invalid JSON response in Django for JWTAuthentication
In my Django REST app I like to change the default error response from JWTAuthentication. Currently my application is using JWT with Django to work on login and logout (which blacklists the token). ...
0 votes, 1 answer, 197 views
jwt token is not working with custom user
Hi I want to implement jwt login method in django rest framework.
Below are the libraries I use.
asgiref 3.7.2
Django 5.0
django-debug-toolbar 4.2.0
djangorestframework 3.14.0
djangorestframework-...
0 votes, 2 answers, 150 views
DRF post request test failing because a custom permission is stating that the "owner_id" field (custom field) does not match the authenticated user id
I'm starting to write tests for my endpoint, "categories/", and I can't get past a custom permission that I have added to the view that is being tested. In this permission, it checks the ...
2 votes, 0 answers, 220 views
Can I use `JWTStatelessUserAuthentication` instead of `JWTAuthentication` in my Django project, even without multiple applications?
I'm currently working on a Django project, and I'm exploring the use of authentication mechanisms provided by Simple-JWT. In the documentation, I noticed the option of using ...
0 votes, 1 answer, 131 views
Issue with Database Queries in Authenticated Django API Calls Despite JWT Verification
Each time an authorized API call is made using a bearer token (specifically a simple JWT), a database query is executed to retrieve user details, even though JWT Authentication is supposed to ...