Django Rest Auth Token in Android Volley

Question

So I'm running into a problem when calling rest-auth/user/.

I am able to login and obtain the key from said login, but from that I'm not sure how to use it in regards to rest-auth/user/. I've tried using it with GET in volley, as well as POSTing it in volley. But everytime I try to do so, I get a 403 back saying credentials were not provided. I've also tried saving the token to Android's SharedPreferences.

I'm not sure what could be wrong or how to fix this problem, so any help would be appreciated.

My code looks like this:

getUserQueue = Volley.newRequestQueue(this);
JSONObject jsObj = new JSONObject();

try {
    jsObj.put("token", token);
} catch (JSONException e) {
    e.printStackTrace();
}

JsonObjectRequest jsObjRequest = new JsonObjectRequest
        (Request.Method.GET, "http://hurst.pythonanywhere.com/supportal/rest-auth/user/", jsObj, new Response.Listener<JSONObject>() {
            @Override
            public void onResponse(JSONObject response) {
                try {
                    result = response.getString("username");
                } catch (JSONException e) {
                    e.printStackTrace();
                }
            }
        }, new Response.ErrorListener() {
            @Override
            public void onErrorResponse(VolleyError error) {
                error.printStackTrace();
            }
        });
// add the request object to the queue to be executed
getUserQueue.add(jsObjRequest);

GET methods don't use a HTTP body, so I'm not sure what `jsObj` does as a parameter — OneCricketeer, Dec 15 '16 at 06:44
Are you able to make the request using cURL or Postman? I would try that before writing it in Android — OneCricketeer, Dec 15 '16 at 06:45
Using postman I was not able to get access via GET nor POST with the token I obtained, I get a response message of: {"detail":"Authentication credentials were not provided."} It seems to run off session data / cookies in your browser, because if I login on my browser and try to access the user endpoint it returns the info of the account I logged in with. — user2302876, Dec 15 '16 at 06:56
I'm not sure about `/rest-auth/user`, but don't you need to use `/rest-auth/login/` first? — OneCricketeer, Dec 15 '16 at 06:58
Show your `REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES']` please. — Andrey Shipilov, Dec 15 '16 at 06:59
Yes, I am able to create a volley connection to rest-auth/login and obtain the token that it returns, after that I send the token via `getIntent()` to this page. I'm thinking I have to save that token in the session to be able to access `/rest-auth/user` — user2302876, Dec 15 '16 at 07:01
Default Auth classes are listed as follows: `REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.BasicAuthentication', 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', ), }` — user2302876, Dec 15 '16 at 07:03

score 0 · Answer 1 · edited May 23 '17 at 12:01

From comments it is clear that you are using different authentication schemes for rest, will explain these,

SessionAuthentication

For authenticating session authentication you need persistant cookie implementation in android volley, check here for this, where Set-Cookie header is parsed from server api response & send over next requests.

BasicAuthentication

In Basic authentication scheme, username & password are send over every request ( after login ?), with Authorization header value ( Base64 encoded).To check how to implement this check here

@Override
public Map<String, String> getHeaders() throws AuthFailureError {
    HashMap<String, String> params = new HashMap<String, String>();
    String creds = String.format("%s:%s","USERNAME","PASSWORD");
    String auth = "Basic " + Base64.encodeToString(creds.getBytes(), Base64.DEFAULT);
    params.put("Authorization", auth);
    return params;
}

JSONWebTokenAuthenticatio‌n

In JWT authentication scheme, after successful login you will get a JWT token, you need to send this token in every request that need user authorization, for this to work, set Authorization header value with JWT token_after_login;Only difference with Basic authentication is how header is send.

@Override
public Map<String, String> getHeaders() throws AuthFailureError {
    HashMap<String, String> params = new HashMap<String, String>();
    String auth = "JWT " + token // token you will get after successful login
    params.put("Authorization", auth);
    return params;
}

I have experience in both platforms, so you can ask/comment if django related or android related clarification — Renjith Thankachan, Dec 15 '16 at 17:18

Django Rest Auth Token in Android Volley

1 Answers1