"User Delete" endpoint expects DRF token despite `rest_framework_simplejwt` auth backend being set

[lukaszsi]

As in the title, I've got simple Django app where I use rest_framework_simplejwt. Other flows like i.e. user's creation work flawlessly, although I've encountered an issue with DELETE /users/me/ one, which responds with:

AttributeError at /auth/users/me/
type object 'Token' has no attribute 'objects'
(...)

Which seems to be a token from DRF Token Based Authentication I think?

[tomwojcik]

Please show drf and djoser settings.

[lukaszsi]

Sure, here are all settings related to drf / djoser / simplejwt:

settings.py

INSTALLED_APPS = [
    (...)
    "rest_framework",
    "rest_framework_simplejwt",
    "djoser",
]

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework_simplejwt.authentication.JWTAuthentication",
    )
}

SIMPLE_JWT = {
    "AUTH_HEADER_TYPES": ("JWT",),
}

DOMAIN = "www.myapp.com"
SITE_NAME = "MY APP"
DJOSER = {
    "PASSWORD_RESET_CONFIRM_URL": "#/password/reset/confirm/{uid}/{token}",
    "ACTIVATION_URL": "/activate/{uid}/{token}",
    "SEND_ACTIVATION_EMAIL": True,
    "PASSWORD_RESET_CONFIRM_RETYPE": True,
    "SERIALIZERS": {},
}

urls.py

urlpatterns = [
    (...)
    path("auth/", include("djoser.urls")),
    path("auth/", include("djoser.urls.jwt")),
]

[stefanofusai]

Experiencing the same issue here :(

[tomwojcik]

Thanks for the opening the ticket. Contributions welcome.

[zxkeyy]

This should be fixed by setting TOKEN_MODEL to None in settings.py like this:

DJOSER = {
    'TOKEN_MODEL': None,
    # other settings
}

or alternatively you can add 'rest_framework.authtoken' to INSTALLED_APPS and run migrations if you want to have token based authentication on top of jwt authentication.

@tomwojcik Probably needs better documentation, but i'm not sure this is actually a bug.

[bilalnaqvi]

#861