JWT Authorization Header not Processed

I’m working on the Ultimate Django Series, Part 2. I’m in the Securing APIs section, video 9 - Getting the Current User.

  • I have JWT authentication set up
  • I have created 3 users (one being the superuser)
  • I have set tokens to last 1 day and have tokens for all users
  • I have a browser extension to add headers (simple-modify-headers for Firefox) and have tried all 3 users' tokens
  • When I hit http://localhost:8000/auth/users/me/ I get 403 Forbidden with the error message “Authentication credentials were not provided.”
  • When I hit http://localhost:8000/app/list and print headers in this unprotected route in my app, I find my Authorization: JWT access_token_value header present

What could be happening such that the header is detected in my app, but it is not being processed/detected properly to identify a user?

Anyone have ideas - this is really frustrating - I can see the header is present when handling my views, but the user is not detected. I just created the token.

I had an error in my settings file.

Hello, if you’re using Django 5, you should know that it’s maybe because of the Django and JWT version. Probably in the tutorial you’re watching, Mosh is using Django 3 - you can check it in the Mosh code in the Ultimate Django course PART 2 resources/code/6-securing apis/finish/storefront2/pipfile.lock

Nowadays, the ‘bearer’ request header is widely used, and that was my problem too. I tried to use JWT as the request header and it didn’t work, while using the bearer request header with the same token worked properly.

Wishing you luck and God’s love,
a Mosh Student.
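
The prefix mismatch described in the reply above, as an added example that is not part of the thread and is not any library's own code: a simplified model of how a JWT backend compares the header's keyword with its configured header types. It assumes the project uses djangorestframework-simplejwt, whose `AUTH_HEADER_TYPES` setting defaults to `("Bearer",)`; the function names and the token value are constructed for illustration.

```python
# Simplified model of the Authorization-header keyword check; hypothetical
# helper names, not code from djangorestframework-simplejwt.

SAMPLE_TOKEN = "aaa.bbb.ccc"  # constructed placeholder, not a real JWT


def extract_raw_token(header_value, header_types=("Bearer",)):
    """Return the raw token, or None if this backend ignores the header."""
    parts = (header_value or "").split()
    if not parts:
        return None                      # header absent or empty
    if parts[0] not in header_types:     # case-sensitive keyword match
        return None                      # not ours: request stays anonymous
    if len(parts) != 2:
        raise ValueError("expected '<type> <token>'")
    return parts[1]


def diagnose(header_value, header_types):
    """Explain why a header that is visible in a view may still not authenticate."""
    try:
        token = extract_raw_token(header_value, header_types)
    except ValueError as exc:
        return "rejected: %s" % exc
    if token is not None:
        return "token accepted for validation"
    if not (header_value or "").strip():
        return "ignored: no Authorization header"
    keyword = header_value.split()[0]
    return "ignored: keyword %r not in AUTH_HEADER_TYPES %r" % (
        keyword, tuple(header_types))


if __name__ == "__main__":
    headers = ("JWT " + SAMPLE_TOKEN, "Bearer " + SAMPLE_TOKEN,
               "bearer " + SAMPLE_TOKEN)
    for types in (("Bearer",), ("JWT",)):
        for header in headers:
            print(types, repr(header), "->", diagnose(header, types))
```

An ignored header is not an error at this layer: the backend returns nothing, the request stays anonymous, and a permission check such as `IsAuthenticated` then answers "Authentication credentials were not provided." even though the header reached the server.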