Possible auth issues when using both SessionAuthentication and TokenAuthentication #53
Comments
jcohen02
added
bug
|
As a workaround I explicitly added: class ProcessView(APIView): |
|
...this solved it for me, by specifically limiting the auth classes on the View that was complaining. |
|
Just a quick update on this issue to say that I've been trying to reproduce the issue originally described in #43 and have been unable to do so at present. I've just added a description of what I've tried in response to the most recent message in #43. If anyone else is experiencing this issue and would be able to provide a minimal example to reproduce it, that would be very helpful. At present, I'm assuming this is something specific to the configuration of the apps where the problem is being encountered since a cut-down small-scale test doesn't reproduce the problem. Nonetheless, I'd be really pleased to receive any further details that can help me to identify what's causing this and put in a fix asap, if there is, indeed, something that can be done within |
As originally highlighted in #43, there are reports of issues when using using both
SessionAuthenticationandTokenAuthenticationin'DEFAULT_AUTHENTICATION_CLASSES'.It's not clear whether this works in some circumstances because requests contain support for both authentication types and not in others where only the required headers/content are provided to support one auth type, or whether something else is going on.
This needs further investigation and the documentation will likely need updating to highlight this and provide guidance on avoiding the issue.
The text was updated successfully, but these errors were encountered: