Django Rest Framework invalid username/password

Question

Trying to do a simple 'GET' wih admin credentials returns

"detail": "Invalid username/password."

I have a custom user model where I deleted the username, instead I use facebook_id :

USERNAME_FIELD = 'facebook_id'

---

I tried changing the DEFAULT_PERMISSION_CLASSES:

('rest_framework.permissions.IsAuthenticated',), -- doesn't work!
('rest_framework.permissions.IsAdminUser',), -- doesn't work!

The only one that works is:

('rest_framework.permissions.AllowAny',),

But I do not want that, since I'm building an API for a Mobile App

I also declared a CustomUserAdmin model and CustomUserCreationForm , apparently this was not the problem

---

Help me understand what needs to be done to fix this annoying problem, I'm guessing it might have something to do with Permissions/Authentication or the fact that I CustomUserModel..

Also, let me know if there is a better way for a mobile app client to authenticate to the api

Answer 1

Have just had the same problem. In my case the source of the problem was Apache's Basic Authentication, my browser was sending Authorization header and Django REST Framework thought that this header was to be handled by it. The solution is pretty simple: just remove 'rest_framework.authentication.BasicAuthentication' from your

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [ 
        # ... auth classes here ... 
    ]
}

Or explicitly set the default DEFAULT_AUTHENTICATION_CLASSES to remove BasicAuth from DRF's defaults.

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework.authentication.SessionAuthentication",
    ),
}

Answer 2

You have the default, and then you have per view. You can set the default to IsAuthenticated, and then you override your view's particular permission_classes. e.g.

class ObtainJSONWebLogin(APIView):
    permission_classes = ()

or

class Foo(viewsets.ModelViewSet):
    permission_classes = ()