jwt setup 2 problems

I’m having some issues setting up jwt. I have been using Simple jwt docs to set up token authentication and some of it works. Using curl I can obtain and refresh a token, but when I try to access the protected page I get

curl   -H "Authorization: Bearer mytoken"
"Authentication credentials were not provided."

I don’t actually need authentication for my project since it is purely an internal api, I’d just like to get it working for the sake of learning. Same with the pagination I mentioned in another post.

BTW I have installed corsheaders, both app and middleware and set CORS_ORIGIN_ALLOW_ALL = True. I did this because it was reported to be a reason for my issue below. I doubt that could be the problem but just full disclosure.

On a related note, I can’t figure out how to formulate the initial request in Postman or Thunder Client. Using the Basic auth type and entering username and password gives

    "username": [
        "This field is required."
    "password": [
        "This field is required."

Again, not really a big deal at this point but I am curious. I also tried passing this object in the body of the request but got the same response.

your curl request seems fine as the usage documents. is it possible you’re missing the authentication classes? They are either configured globally in a setting or on a per view basis.

aside: drf ships with token authentication. jwts are a good solution for temporary stateless authentication across services, but not really for user sessions.

Thanks for your reply. I configured them globally with


This looks good.

(1) Will you post the view that you’re making a request to? From your curl snippet, the view that’s handling /players/?
(2) Any chance you have set the AUTH_HEADER_NAME setting to something other than the default?

If nothing looks suspicious there, I’d suggest putting a breakpoint at the request’s _authenticate method. The error message you show Authentication credentials were not provided. looks to come from the NotAuthenticated APIException. In the _authenticate method, you should be able to dig into each Authentication Class (specifically the jwt one) and figure out why it’s not succeeding.

Sorry to be so late in replying. I really appreciate your help, just got caught up in other things.
The view (viewset) is basic:

class PlayerViewSet(viewsets.ReadOnlyModelViewSet):
  queryset = Player.objects.all().order_by('-gp')
  serializer_class = PlayerSerializer

as is the serializer:

class PlayerSerializer(serializers.HyperlinkedModelSerializer):
  class Meta:
    model = Player
    fields = ['id','name', 'gp', 'gpChar', 'gpShip', 'allycode', 'level']

I will try your debugging suggestion as well.