我不是在 DRF 中设置设置文件的专家。我想使用 React 和 DRF 进行身份验证,这是我的代码
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'accounts',
'api.apps.ApiConfig',
'rest_framework',
'corsheaders',
'social_django',
'rest_framework_simplejwt',
'rest_framework_simplejwt.token_blacklist',
'django.contrib.sites',
'allauth',
'allauth.account',
'allauth.socialaccount',
'allauth.socialaccount.providers.google',
'rest_framework.authtoken',
'dj_rest_auth',
'dj_rest_auth.registration',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'allauth.account.middleware.AccountMiddleware', #allauth
]
CORS_ALLOWED_ORIGINS = [
"http://localhost:3000",
"http://127.0.0.1:3000",
]
CORS_ORIGIN_WHITELIST = [
"http://localhost:3000",
"http://127.0.0.1:3000",
]
CORS_ALLOW_CREDENTIALS = True
CORS_ALLOW_ALL_ORIGINS = True
#allauth
SITE_ID= 1
ACCOUNT_USER_MODEL_USERNAME_FIELD = None
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES':(
'rest_framework.permissions.AllowAny',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'dj_rest_auth.jwt_auth.JWTCookieAuthentication',
)
}
AUTHENTICATION_BACKENDS = (
"django.contrib.auth.backends.ModelBackend",
"allauth.account.auth_backends.AuthenticationBackend"
)
#simple jwt
SIMPLE_JWT = {
'AUTH_HEADER_TYPES': ('JWT','Bearer',),
'ACCESS_TOKEN_LIFETIME': timedelta(minutes=600),
'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
"ROTATE_REFRESH_TOKENS": False,
"BLACKLIST_AFTER_ROTATION": False,
"UPDATE_LAST_LOGIN": True,
"ALGORITHM": "HS512",
}
# rest auth
REST_AUTH = {
'USE_JWT': True,
'JWT_AUTH_COOKIE': 'access',
'JWT_AUTH_REFRESH_COOKIE': 'refresh',
'JWT_AUTH_HTTPONLY': False,
'SESSION_LOGIN': False,
'OLD_PASSWORD_FIELD_ENABLED': True,
}
**当我尝试在 /dj-rest-auth/user/ 的邮递员中使用此配置发出请求时,我得到了这个
message {
"detail": "Given token not valid for any token type",
"code": "token_not_valid",
"messages": [
{
"token_class": "AccessToken",
"token_type": "access",
"message": "Token is invalid or expired"
}
]
}
虽然在浏览器中有效(因为是由 django 自行管理的)。如果我想获得访问和刷新令牌,我必须将配置更改为:**
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
)
但是它不适用于 /dj-rest-auth/user/ 请求(在邮递员中),我明白了
{
"detail": "Authentication credentials were not provided."
}.
我把它切换回
'dj_rest_auth.jwt_auth.JWTCookieAuthentication'
/dj-rest-auth/user/ request(在邮递员中)工作得很好
{
"pk": 1,
"email": "[email protected]",
"first_name": "Denis",
"last_name": "Andrew"
}
请问有什么推荐吗?我尝试了这个视频https://www.youtube.com/watch?v=gtm325DL1io&list=PLKzFrEuFEga5LQN7cAVvo1VwdSD783sUn&index=3 但我不知道为什么它对我不起作用。也许我没看出区别
Authorization
HTTP 标头的第一部分是令牌类型。
Authorization: <type> <value>
我注意到你已经设置了
#simple jwt
SIMPLE_JWT = {
'AUTH_HEADER_TYPES': ('JWT','Bearer',),
...
}
在您的 djangorestframework-simplejwt
设置中。
AUTH_HEADER_TYPES
设置控制授权标头中允许的令牌类型。文档 话虽如此,请确保您已在
Bearer
HTTP 标头中的
access_token
之前添加了
Authorization
前缀。 我应该看起来像这样:
Authorization: Bearer <access_token>
或Authorization: JWT <access_token>