[SOLVED] AllowAny override does not work on APIView

Hi there,
I am trying to expose an API endpoint publicly, but I am using authentication for most of my views.

These are my settings:

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework.authentication.SessionAuthentication",
        "rest_framework.authentication.TokenAuthentication",
        "rest_framework_simplejwt.authentication.JWTAuthentication",
    ),
    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
    "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
    "DEFAULT_PAGINATION_CLASS": "project.core.api.pagination.custom_pagination.CustomPagination",
    "PAGE_SIZE": 10,
}

This is the view:

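from rest_framework.permissions import AllowAny
from rest_framework.views import APIView

from project.core.api.pagination.custom_pagination import CustomPagination

class PublicEndpoint(APIView, CustomPagination):
    """
    This endpoint can be accessed by non-authenticated users (e.g. during a
    """
    permission_classes = (AllowAny,)

    def get(self, request):
        pass  # do stuff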

But whenever I try to access this view, I get a 403 asking me for a token.

{
    "detail": "Given token not valid for any token type",
    "code": "token_not_valid",
    "messages": [
        {
            "token_class": "AccessToken",
            "token_type": "access",
            "message": "Token is invalid or expired"
        }
    ]
}

How to solve this?
Thanks!

1 Like

Hi nitto,

Looking at the rest_framework_simplejwt, I found the exception that was raised. Here’s where it gets raised. You can see that this validation wouldn’t occur if the raw token was None. Looking at get_raw_token’s definition, I believe you need to not set the authorization header. That should definitely short circuit the authentication check there and prevent the exception.

1 Like

Thank you @CodenameTim! I have fixed it by adding

authentication_classes = []

to the APIView.

1 Like
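
A simplified model of the request flow discussed in this thread, as an added example that is not code from the posters or from Django REST framework: authentication runs before the permission check, so `AllowAny` is never consulted when a supplied token is rejected. Every class, function and token below (`SessionAuth`, `JWTAuth`, `dispatch`, `good-token`) is a constructed stand-in.

```python
# Simplified model of DRF's request flow (added example, not DRF source code).
# All names and tokens here are constructed stand-ins.
class AuthenticationFailed(Exception):
    pass

class SessionAuth:
    challenge = None  # sends no WWW-Authenticate challenge
    def authenticate(self, headers):
        return None  # constructed requests carry no session cookie

class JWTAuth:
    challenge = "Bearer"
    VALID = {"good-token": "alice"}  # constructed token store
    def authenticate(self, headers):
        raw = headers.get("Authorization")
        if raw is None:
            return None  # no header: abstain, request stays anonymous
        token = raw.split(" ", 1)[-1]
        if token not in self.VALID:
            raise AuthenticationFailed("token_not_valid")  # header present but bad
        return self.VALID[token]

def allow_any(user):
    return True

def is_authenticated(user):
    return user is not None

DEFAULT_STACK = [SessionAuth, JWTAuth]  # order of the posted settings, TokenAuthentication omitted

def dispatch(headers, authentication_classes, permission):
    """Return (status, user); authentication always runs before the permission check."""
    authenticators = [cls() for cls in authentication_classes]
    # The first authenticator decides whether a 401 challenge can be sent; otherwise 403.
    denied = 401 if authenticators and authenticators[0].challenge else 403
    user = None
    try:
        for auth in authenticators:
            user = auth.authenticate(headers)
            if user is not None:
                break
    except AuthenticationFailed:
        return denied, None  # the permission class is never consulted
    if not permission(user):
        return (denied if user is None else 403), None
    return 200, user
```

With an empty authenticator list the view treats every caller as anonymous, even one who sends a valid token, so such a view should not make decisions based on the requesting user.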