Accessing Protected URLs - loum/jwt-auth GitHub Wiki
Our special protected-url REST API URI is set to only accept authenticated requests via the REST_FRAMEWORK global defined in auth.settings:
REST_FRAMEWORK = {
    # Require an authenticated user on every endpoint by default;
    # unauthenticated requests are rejected.
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    # Authentication classes are tried in order; JWT is one of them.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        ...
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
    ),
}
Note also that one of the supported authentication classes is rest_framework_jwt.authentication.JSONWebTokenAuthentication. This allows us to use a JWT to access the endpoint in a call similar to the following:
$ curl -H "Authorization: JWT <TOKEN>" http://<YOUR_SERVER_IP>:8000/protected-url
{"message":"This is a protected URL"}
Without the JWT, the request will be rejected:
$ curl http://localhost:8000/protected-url
{"detail":"Authentication credentials were not provided."}
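The checks that sit behind the two curl calls above, as an added standard-library sketch (not code from this wiki or from rest_framework_jwt): the header scheme, the token signature and the expiry decide whether the request is authenticated. The HS256 algorithm, the constructed secret, the function names and the "Invalid or expired token." wording are assumptions of this example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed; stands in for the server's signing key
PREFIX = "JWT"                       # scheme used in the curl call above

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(username, lifetime=300, now=None):
    """Build an HS256 JWT to use as sample input (hypothetical helper)."""
    now = int(time.time()) if now is None else now
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"username": username, "exp": now + lifetime}).encode())
    return f"{head}.{body}.{_b64(_sign(head, body))}"

def check_request(headers, now=None):
    """Return (allowed, response_body) for a request to the protected URL."""
    now = int(time.time()) if now is None else now
    auth = headers.get("Authorization", "").split()
    if not auth or auth[0].lower() != PREFIX.lower():
        # No header, or another scheme: the request stays unauthenticated.
        return False, {"detail": "Authentication credentials were not provided."}
    try:
        head, body, sig = auth[1].split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")  # pin the algorithm, never trust the header
        if not hmac.compare_digest(_sign(head, body), _unb64(sig)):
            raise ValueError("bad signature")
        if json.loads(_unb64(body))["exp"] <= now:
            raise ValueError("expired")
    except (IndexError, ValueError, KeyError, TypeError, AttributeError):
        return False, {"detail": "Invalid or expired token."}  # this sketch's wording
    return True, {"message": "This is a protected URL"}

if __name__ == "__main__":
    token = make_token("alice")
    print(check_request({"Authorization": f"JWT {token}"}))
    print(check_request({}))
```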