Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why does LoginView have permission_classes = (IsAuthenticated,) #64

Closed
ghost opened this issue Aug 9, 2017 · 1 comment
Closed

Why does LoginView have permission_classes = (IsAuthenticated,) #64

ghost opened this issue Aug 9, 2017 · 1 comment
Labels
question

Comments

@ghost
Copy link

ghost commented Aug 9, 2017

Hi,
I currently use djoser library to do the equivalent but want to be able to support multiple tokens per user which rest-knox supports. But I am unable to get it to work.

I am trying to get rest-knox to work but running into an HTTP 401 issue that I think others have reported. However I dont understand why you have LoginView have permission_classes = (IsAuthenticated,) Shouldnt this be changed AllowedAny.

Why should you have some other type of login first and then call the rest-knox login to login again?
If you look into the login view of djoser, that also has AllowAny permission for the login view.

Thanks
@belugame
Copy link
Collaborator

I too asked myself that question. Maybe we should consider renaming it as the view does not really login a user, but generate a token for the user.

You need to send credentials to the view, e.g. via BasicAuth to "login" and in return you receive a token.
AllowAny would not work, as it would return a token for anyone or rather not know what user requests a token.

@brycekellogg brycekellogg mentioned this issue Feb 7, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@belugame