Token Authentication Django Rest Framework HTTPie

Question

Hello I am trying to test Token Authentication i have implemented with DRF using httpie as per the tutorial in this following link

The following command:

http GET 127.0.0.1:8000/api/projects/ 'Authorization: Token b453919a139448c5891eadeb14bf1080a2624b03'

yields the following error.

usage: http [--json] [--form] [--pretty {all,colors,format,none}]
        [--style STYLE] [--print WHAT] [--headers] [--body] [--verbose]
        [--all] [--history-print WHAT] [--stream] [--output FILE]
        [--download] [--continue]
        [--session SESSION_NAME_OR_PATH | --session-read-only SESSION_NAME_OR_PATH]
        [--auth USER[:PASS]] [--auth-type {basic,digest}]
        [--proxy PROTOCOL:PROXY_URL] [--follow]
        [--max-redirects MAX_REDIRECTS] [--timeout SECONDS]
        [--check-status] [--verify VERIFY]
        [--ssl {ssl2.3,ssl3,tls1,tls1.1,tls1.2}] [--cert CERT]
        [--cert-key CERT_KEY] [--ignore-stdin] [--help] [--version]
        [--traceback] [--default-scheme DEFAULT_SCHEME] [--debug]
        [METHOD] URL [REQUEST_ITEM [REQUEST_ITEM ...]]http: error: argument REQUEST_ITEM: "Token" is not a valid value

So i decided to differ from the tutorial and made my request like this

http GET 127.0.0.1:8000/api/projects/ 'Authorization:b453919a139448c5891eadeb14bf1080a2624b03'

The following message was returned

HTTP/1.0 401 Unauthorized
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Date: Thu, 03 Nov 2016 09:52:05 GMT
Server: WSGIServer/0.1 Python/2.7.10
Vary: Accept
WWW-Authenticate: Token
X-Frame-Options: SAMEORIGIN

  {
     "detail": "Authentication credentials were not provided."
  }

Any assistance offered would be great. I am running on local machine at home.

Have you tried a request on Postman? If it works there, then it must be an issue in the way you are submitting your request via HTTPie. — Apoorv Kansal, Nov 03 '16 at 10:49

score 29 · Accepted Answer · answered Nov 04 '16 at 11:11

29

The solution is simple as is as follows . Use double quotes in the place of single quotes contrary to what the DRF Documentation says

For curl use the command below

curl -H "Authorization: Token b453919a139448c5891eadeb14bf1080a2624b03" http://127.0.0.1:8000/api/projects/

For HTTPie use

http GET http://127.0.0.1:8000/api/projects/ "Authorization: Token b453919a139448c5891eadeb14bf1080a2624b03"

Note that Double quotes are used contrary to single quotes in the documentation.

answered Nov 04 '16 at 11:11

Paul Nyondo

2,126
2
23
30

Are you sure double quotes are needed? For bash, double quotes and single quotes are (except for interpolation, which does not apply in this case since there are no interpolable characters) interchangeable. See my answer for another possible explanation. – blueFast Jul 05 '18 at 07:55

score 8 · Answer 2 · answered Jul 05 '18 at 07:53

Contrary to Paul Nyondo's experience, for me the issue is not single quotes / double quotes (both are fine when using bash as shell), but the space between Authorization: and Token.

This fails:

» http GET http://service:8000/api/v1/envs/ 'Authorization: Token 3ea4d8306c6702dcefabb4ea49cfb052f15af85c'

http: error: InvalidHeader: Invalid return character or leading space in header: Authorization

This works (with double quotes):

» http GET http://service:8000/api/v1/envs/ "Authorization:Token 3ea4d8306c6702dcefabb4ea49cfb052f15af85c"
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 90
Content-Type: application/json

And this also works (with single quotes):

» http GET http://svc.userv.dgvmetro:8000/api/v1/envs/ 'Authorization:Token 3ea4d8306c6702dcefabb4ea49cfb052f15af85c'
HTTP/1.1 200 OK
Allow: GET, HEAD, OPTIONS
Content-Length: 90
Content-Type: application/json

Token Authentication Django Rest Framework HTTPie

2 Answers2