Django Rest Framework - Authentication credentials were not provided

Question

I'm developing an API using Django Rest Framework. I'm trying to list or create an "Order" object, but when i'm trying to access the console gives me this error:

{"detail": "Authentication credentials were not provided."}

Views:

from django.shortcuts import render
from rest_framework import viewsets
from django.contrib.auth.models import User
from rest_framework.renderers import JSONRenderer, YAMLRenderer
from rest_framework.response import Response
from rest_framework.views import APIView
from order.models import *
from API.serializers import *
from rest_framework.permissions import IsAuthenticated

class OrderViewSet(viewsets.ModelViewSet):
    model = Order
    serializer_class = OrderSerializer
    permission_classes = (IsAuthenticated,)

Serializer:

class OrderSerializer(serializers.HyperlinkedModelSerializer):

    class Meta:
        model = Order
        fields = ('field1', 'field2')

And my URLs:

# -*- coding: utf-8 -*-
from django.conf.urls import patterns, include, url
from django.conf import settings
from django.contrib import admin
from django.utils.functional import curry
from django.views.defaults import *
from rest_framework import routers
from API.views import *

admin.autodiscover()

handler500 = "web.views.server_error"
handler404 = "web.views.page_not_found_error"

router = routers.DefaultRouter()
router.register(r'orders', OrdersViewSet)

urlpatterns = patterns('',
    url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
    url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token'),
    url(r'^api/', include(router.urls)),
)

And then I'm using this command in the console:

curl -X GET http://127.0.0.1:8000/api/orders/ -H 'Authorization: Token 12383dcb52d627eabd39e7e88501e96a2sadc55'

And the error say:

{"detail": "Authentication credentials were not provided."}

Try this: `curl -H "Authorization: Token 12383dcb52d627eabd39e7e88501e96a2sadc55" http://127.0.0.1:8000/api/orders/` — cor, Nov 13 '14 at 10:33
In my case this happened due to a teammate switching the user to inactive mode. — Brock, Dec 11 '15 at 21:51
Try to read [Authentication](http://www.django-rest-framework.org/api-guide/authentication/) first. — endless, Feb 26 '18 at 12:50

score 185 · Answer 1 · answered Nov 18 '15 at 15:01

185

If you are runnig Django on Apache using mod_wsgi you have to add

WSGIPassAuthorization On

in your httpd.conf. Otherwise authorization header will be stripped out by mod_wsgi.

answered Nov 18 '15 at 15:01

Robert Kovac

1,918
1
8
8

1

In case if you are wondering where to write this, follow the link. https://stackoverflow.com/questions/49340534/how-to-enable-wsgipassauthorization-for-django – user2858738 Apr 18 '18 at 08:41
3

for ubuntu there seems no `httpd.conf`. so you have to add `WSGIPassAuthorization On` in `/etc/apache2/apache2.conf` – suhailvs Jun 25 '18 at 01:19
I was confused by an issue where my requests from Postman were working from my localhost but not when sent to the live server. Your comment solved my issue. – RommelTJ Sep 10 '19 at 14:30
Solved My problem, I was able to get data via api on my localhost, but when deployed on server over https:// it was giving me same error. – Mir Suhail Feb 04 '20 at 11:42
Is this true only in production or for local development as well? – MadPhysicist May 10 '20 at 05:15
Not sure for local development on Apache, I'm using Django development server locally – Robert Kovac May 11 '20 at 07:33

score 109 · Accepted Answer · answered Nov 13 '14 at 10:55

109

Solved by adding "DEFAULT_AUTHENTICATION_CLASSES" to my settings.py

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
       'rest_framework.authentication.TokenAuthentication',
   ),
   'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAdminUser'
   ),
}

answered Nov 13 '14 at 10:55

Marcos Aguayo

5,393
7
25
56

Thought I did this, but I had added `'rest_framework.authentication.TokenAuthentication'` to `DEFAULT_PERMISSION_CLASSES` instead of `DEFAULT_AUTHENTICATION_CLASSES` – netigger Aug 08 '16 at 08:18
6

Thanks for this solution! I don't understand however why I didn't get the "Authentication credentials were not provided." error when making the request with Postman, whereas I *did* get the error when my Angular client made requests. Both with the same token in the Authorization header... – Sander Vanden Hautte Mar 07 '18 at 12:20
`SessionAuthentication` is enabled by default and works with the standard session cookies, so it's likely that your Angular (or other JS framework) application was working because of the default session authentication. – Kevin Brown Jul 02 '20 at 22:57

score 34 · Answer 3 · edited Jun 27 '16 at 16:44

34

This help me out without "DEFAULT_PERMISSION_CLASSES" in my settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
    'PAGE_SIZE': 10
}

edited Jun 27 '16 at 16:44

Eric Palakovich Carr

20,472
8
45
51

answered Nov 27 '15 at 03:19

uestcfei

1,091
10
13

5

The `SessionAuthentication` was what fixed it for me – Caleb_Allen Apr 06 '18 at 23:42
Fixed it for me too. Wonder why the Django tutorial on this doesn't mention it. See https://www.django-rest-framework.org/tutorial/quickstart/ . – Nick T May 17 '20 at 07:42
1

has any one figured out why it behaves like this? session on a mobile device has to do nothing with having a jwt token in the header of the request !! I am surprised by this solution after 5 hours of digging. – decoder3-14 Feb 26 '21 at 04:00

score 18 · Answer 4 · edited Feb 08 '16 at 14:41

Just for other people landing up here with same error, this issue can arise if your request.user is AnonymousUser and not the right user who is actually authorized to access the URL. You can see that by printing value of request.user . If it is indeed an anonymous user, these steps might help:

Make sure you have 'rest_framework.authtoken' in INSTALLED_APPS in your settings.py.

Make sure you have this somewhere in settings.py:

REST_FRAMEWORK = {

    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        # ...
    ),

    # ...
}

Make sure you have the correct token for the user who is logged in. If you do not have the token, learn how to get it here. Basically, you need to do a POST request to a view which gives you the token if you provide the correct username and password. Example:
```
curl -X POST -d "user=Pepe&password=aaaa"  http://localhost:8000/
```

Make sure the view which you are trying to access, has these:

class some_fancy_example_view(ModelViewSet): 
"""
not compulsary it has to be 'ModelViewSet' this can be anything like APIview etc, depending on your requirements.
"""
    permission_classes = (IsAuthenticated,) 
    authentication_classes = (TokenAuthentication,) 
    # ...

Use curl now this way:

curl -X (your_request_method) -H  "Authorization: Token <your_token>" <your_url>

Example:

    curl -X GET http://127.0.0.1:8001/expenses/  -H "Authorization: Token 9463b437afdd3f34b8ec66acda4b192a815a15a8"

How can one print `request.user`? It appears that the POST method of a class-based view is never getting processed. Where else can I try to print the user? — MadPhysicist, May 10 '20 at 05:19
user has to be authenticated to be able to being getting set in request object. Otherwise it just prints anonymous user. How are you authenticating your user ? — sherelock, May 10 '20 at 21:14

score 13 · Answer 5 · answered Nov 08 '16 at 09:17

If you are playing around in the command line (using curl, or HTTPie etc) you can use BasicAuthentication to test/user your API

    REST_FRAMEWORK = {
        'DEFAULT_PERMISSION_CLASSES': [
            'rest_framework.permissions.IsAuthenticated',
        ],
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'rest_framework.authentication.BasicAuthentication',  # enables simple command line authentication
            'rest_framework.authentication.SessionAuthentication',
            'rest_framework.authentication.TokenAuthentication',
        )
    }

You can then use curl

curl --user user:password -X POST http://example.com/path/ --data "some_field=some data"

or httpie (its easier on the eyes):

http -a user:password POST http://example.com/path/ some_field="some data"

or something else like Advanced Rest Client (ARC)

BasicAuthentication is not simple command line authentication — llazzaro, May 13 '21 at 01:07

score 10 · Answer 6 · answered Sep 06 '18 at 04:48

I too faced the same since I missed adding

authentication_classes = (TokenAuthentication)

in my API view class.

class ServiceList(generics.ListCreateAPIView):
    authentication_classes = (SessionAuthentication, BasicAuthentication, TokenAuthentication)
    queryset = Service.objects.all()
    serializer_class = ServiceSerializer
    permission_classes = (IsAdminOrReadOnly,)

In addition to the above, we need to explicitly tell Django about the Authentication in settings.py file.

REST_FRAMEWORK = {
   'DEFAULT_AUTHENTICATION_CLASSES': (
   'rest_framework.authentication.TokenAuthentication',
   )
}

score 7 · Answer 7 · answered Jun 02 '20 at 03:35

7

For me, I had to prepend my Authorization header with "JWT" instead of "Bearer" or "Token" on Django DRF. Then it started working. eg -

Authorization: JWT asdflkj2ewmnsasdfmnwelfkjsdfghdfghdv.wlsfdkwefojdfgh

answered Jun 02 '20 at 03:35

kiko carisse

986
11
17

Same here. Using Next.JS with Django DRF as backend. – kenneho Sep 23 '20 at 13:09
Agreed. Trying django with react for the first time and your answer helped me. – Rahul Nov 24 '20 at 11:50

score 4 · Answer 8 · answered Sep 19 '20 at 09:21

4

I was having this problem with postman.Add this to the headers...

answered Sep 19 '20 at 09:21

mikelus

685
8
20

In my case, I had not selected the checkbox... :) Thanks, this gave me the clue – Laxmikant Sep 21 '20 at 14:19

score 3 · Answer 9 · answered Jul 30 '18 at 06:41

3

Adding SessionAuthentication in settings.py will do the job

REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.SessionAuthentication', ), }

answered Jul 30 '18 at 06:41

Pritam Roy

258
2
15

Harshit Gangwar · Answer 10 · 2021-02-17T05:08:55.650

3

Try this, it worked for me.

In settings.py

SIMPLE_JWT = {
     ....
     ...
     # Use JWT 
     'AUTH_HEADER_TYPES': ('JWT',),
     # 'AUTH_HEADER_TYPES': ('Bearer',),
     ....
     ...
}

Add this too

REST_FRAMEWORK = {
    ....
    ...
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    )
    ...
    ..
}

edited Feb 17 '21 at 05:08

answered Oct 15 '20 at 06:39

Harshit Gangwar

160
2
9

Aishwarya kabadi · Answer 11 · 2020-03-19T08:13:55.310

1

Since it is session Login so you need to provide you credentials so do 127.0.0:8000/admin admin and login later it will work fine

edited Mar 19 '20 at 08:13

answered Mar 12 '20 at 04:51

Aishwarya kabadi

81
4

1

Sorry, but this question is already answered with more detail than yours... – Muhammad Dyas Yaskur Mar 12 '20 at 06:14
This is for the people who need quick solution – Aishwarya kabadi Mar 12 '20 at 09:06

score 1 · Answer 12 · edited Aug 22 '20 at 03:17

1

If you are using authentication_classes then you should have is_active as True in User model, which might be False by default.

edited Aug 22 '20 at 03:17

David Medinets

4,078
3
25
39

answered Aug 21 '20 at 18:56

Piyush Jaiswal

11
1

what are the authentication classes? – Sam Dec 04 '20 at 14:24

Django Rest Framework - Authentication credentials were not provided

12 Answers12

Linked