16

I am starting with django-rest-framework and I can't find the way to access the Token value from the view, is it possible? I am not using built-in token generator, I use a custom function to do it. In request's headers I give this:

Authorization: 'Token kjansfd98qhr23d09823098fdj'

How can I access that value in the view? Or maybe there's a best way to work with custom tokens.

PD: I am not using Django's default User model.

Gocht
  • 9,924
  • 3
  • 42
  • 81
  • Do you just need to access the value or perform token authentication as Token authentication class handles that automatically for you. – Rahul Gupta Aug 04 '15 at 15:45

2 Answers2

22

You can access them within a view using request.META, which is a dictionary. So you can use request.META.get('HTTP_AUTHORIZATION') to access autherizatoin token.

For more details visit Django TokenAuthentication missing the 'Authorization' http header

If you are deploying to Apache, and using any non-session based authentication, you will need to explicitly configure mod_wsgi to pass the required headers through to the application. This can be done by specifying the WSGIPassAuthorization directive in the appropriate context and setting it to 'On'. For details please visit http://www.django-rest-framework.org/api-guide/authentication/

Community
  • 1
  • 1
Rajesh Kaushik
  • 1,471
  • 1
  • 11
  • 16
  • 1
    Can you tell me how DRF makes the token validation in this case? – Gocht Aug 04 '15 at 18:33
  • Do you want to implement token authentication on your custom user model ? – Rajesh Kaushik Aug 05 '15 at 04:17
  • Yes, I have 2 model to represent a `Partner` and a `Client` user, but none of them extends from default Django's `User` model. I also have a `AuthToken` model to store the token that I generate. In this case is it possible to implement some of the built-in token authentication? – Gocht Aug 05 '15 at 14:24
  • 1
    Read this for custom authentication http://www.django-rest-framework.org/api-guide/authentication/#custom-authentication – Rajesh Kaushik Aug 05 '15 at 14:40
  • I did, but I am not clear is this point: How is always returning `None` for the `auth` value? -> `return (user, None)` – Gocht Aug 05 '15 at 14:46
  • If you look at the DRF source code (authentication.py), you can see all authentication classes are inhetrited from BaseAuthentication class. 'authenticate' method of this class accept the request and return a two-tuple of (user, token). Here the user and token are supposed to be objects of User And Token models. If you dont have Token model then you can return User, None from 'authenticate' method of your 'CustomAuthenticationClass'. – Rajesh Kaushik Aug 05 '15 at 15:15
  • Oh, that is really helpfull, I do have a Token class, so I can do my custom validation process and return a User, Token. Thanks! – Gocht Aug 05 '15 at 15:17
  • is there any way to send refresh token with access token? – Ranvijay Sachan Sep 24 '19 at 12:56
4

You can get the token from the request.auth attribute. It returns a DRF Token instance. If you want only the key then you can access it with the request.auth.key attribute.

Reference:

Tyler2P
  • 2,324
  • 26
  • 22
  • 31
Md Mahmood Bin Habib
  • 51
  • 1