python django django-rest-framework jwt django-rest-framework-jwt

Django rest framework jwt {"detail": "You do not have permission to perform this action."}

I am trying to make a request using django-rest-framework and django-rest-framework-jwt but The response that I get detail": "You do not have permission to perform this action."

views.py

class Test(generics.RetrieveAPIView):
    permission_classes = [IsAuthenticated]
    authentication_classes = []
    queryset = User.objects.all()
    def get(self, request):
        return response.Response({"test": "Test "}, status=status.HTTP_200_OK)

urls.py

from rest_framework_jwt.views import obtain_jwt_token, refresh_jwt_token
from .views import Test
urlpatterns = [
    path('', Test.as_view(), name='test'),
    path('token/', obtain_jwt_token, name='token_obtain_pair'),
    path('token/refresh/', refresh_jwt_token, name='token_refresh'),
]

settings.py

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ),
}
JWT_AUTH = {
    'JWT_ENCODE_HANDLER':
    'rest_framework_jwt.utils.jwt_encode_handler',
    'JWT_DECODE_HANDLER':
    'rest_framework_jwt.utils.jwt_decode_handler',
    'JWT_PAYLOAD_HANDLER':
    'rest_framework_jwt.utils.jwt_payload_handler',
    'JWT_PAYLOAD_GET_USER_ID_HANDLER':
    'rest_framework_jwt.utils.jwt_get_user_id_from_payload_handler',
    'JWT_RESPONSE_PAYLOAD_HANDLER':
    'rest_framework_jwt.utils.jwt_response_payload_handler',
    'JWT_SECRET_KEY': SECRET_KEY,
    'JWT_GET_USER_SECRET_KEY': None,
    'JWT_PUBLIC_KEY': None,
    'JWT_PRIVATE_KEY': None,
    'JWT_ALGORITHM': 'HS256',
    'JWT_VERIFY': True,
    'JWT_VERIFY_EXPIRATION': True,
    'JWT_LEEWAY': 0,
    'JWT_EXPIRATION_DELTA': timedelta(days=5),
    'JWT_AUDIENCE': None,
    'JWT_ISSUER': None,
    'JWT_ALLOW_REFRESH': True,
    'JWT_REFRESH_EXPIRATION_DELTA': timedelta(days=7),
    'JWT_AUTH_HEADER_PREFIX': 'JWT',
    'JWT_AUTH_COOKIE': None,
}

and the request that I made: >curl -X GET http://127.0.0.1:8000/users/ -H 'Authorization: Token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxMCwidXNlcm5hbWUiOiJoYXNhbm1iaWxhbDE5OThAZ21haWwuY29tIiwiZXhwIjoxNjUxNTkxMDYxLCJlbWFpbCI6Imhhc2FubWJpbGFsMTk5OEBnbWFpbC5jb20iLCJvcmlnX2lhdCI6MTY1MTE1OTA2MX0.bvmtH6mnItBjwKkvaNU5eMXlEyk2ZAytMWzhEE_Ibhs'

Note: I've used django-rest-framework-simplejwt and got the same problem...

Solution

You've set your authentication_classes=[], so auth is not run for this view
You then require they are logged in with your permissions_classes

For now just remove the authentication_classes = [] from the view. Your default permissions also require authentication, so that line could also be removed.

Based on your usage here you should probably use APIView rather than the generics. If you plan to use the features of the generics (and construct the routes correctly manually) then keep at it.

class Test(APIView):
    # use default permission_classes in REST_FRAMEWORK
    # use default authentication_classes in REST_FRAMEWORK

    def get(self, request):
        return Response({"data": "Test"})

To answer your new question, and after referring to the documentation for the rest_framework_jwt package, you need to send the token as Authorization: JWT {token}.

If this isn't the right documentation or package, please send a link to the correct one along with the location that says to use Token (which is actually how simple_jwt works, not this package).

In your settings file you actually override all the default settings, when you only need the ones you want to change. In this list, at the bottom, I see this:

    'JWT_AUTH_HEADER_PREFIX': 'JWT',