Django Rest API JWT authentication – No active account found with the given credentials
Question:
I have a question concerning the Django Rest Framework JWT auth protocol.
This issue has been coming up a lot but no suggested solution has worked for me yet.
When I try this command:
http post http://127.0.0.1:8000/api/token/ username=username password=password
or
curl -X POST -d "username=username&password=password" http://localhost:8000/api/token/
to obtain the access/refresh tokens as suggested in many tutorials, I get this error:
{
"detail": "No active account found with the given credentials"
}
-
I have created a superuser
-
My users are all is_active = True
-
My passwords are hashed in the database
-
I have AUTH_USER_MODEL = ‘my_app_name.User’ in settings.py
-
The username/password are 100% correct.
Here is my User model:
class User(LifecycleModelMixin, AbstractUser):
public_id = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
company_name = models.CharField(max_length=100, blank=True)
job_title = models.CharField(max_length=30, blank=True)
street_address = models.CharField(max_length=100, blank=True)
street_address2 = models.CharField(
verbose_name="Street address 2", max_length=100, blank=True
)
city = models.CharField(max_length=100, blank=True)
state = models.CharField(max_length=50, blank=True)
zip = models.CharField(max_length=50, blank=True)
phone_number = PhoneNumberField(blank=True)
is_active = models.BooleanField(default=True, null=True, blank=True)
email_subscribed = models.BooleanField(default=True, null=True, blank=True)
manager = models.ForeignKey(
"self",
null=True,
blank=True,
on_delete=models.SET_NULL,
related_name="sub_users",
)
country = CountryField(blank_label="(select country)", blank=True)
contact_info = JSONField("ContactInfo", default=contact_default)
My serializer:
class UserSerializer(serializers.ModelSerializer):
def create(self, validated_data):
user = super().create(validated_data)
user.set_password(validated_data['password'])
user.save()
return user
class Meta:
model = User
fields = ('email', 'username', 'refreshToken', 'password')
extra_kwargs = {'password': {'write_only': True}}
My urls:
from rest_framework_simplejwt.views import (
TokenObtainPairView,
TokenRefreshView,
TokenVerifyView,
)
urlpatterns: List[URLPattern] = (
[
path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
path('api/token/verify/', TokenVerifyView.as_view(), name='token_verify'),
path('api-token-auth/', obtain_auth_token, name='api_token_auth'),
path("auth/", include("authapp.urls")),
]
+ static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
+ static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
)
my settings.py:
DJANGO_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
"django.contrib.sites",
"django.forms",
]
INSTALLED_APPS = [
# styling
"crispy_forms",
"crispy_tailwind",
"crispy_bootstrap5",
"widget_tweaks",
# rest framework
'rest_framework',
'rest_framework.authtoken',
#celery
"django_celery_beat",
# dev
"django_extensions",
"debug_toolbar",
# deploy
"whitenoise.runserver_nostatic",
# auth
'authapp',
'rest_framework_simplejwt',
'djoser',
"allauth",
"allauth.account",
"allauth.socialaccount",
# mail
"anymail",
# utils
"phonenumber_field",
"simple_history",
"markdownify",
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
'DEFAULT_PERMISSION_CLASSES':(
'rest_framework.permissions.IsAuthenticated',
)
}
I am out of ideas as to why this is happening. This is my first experience with Django Rest Framework, therefore I suspect I might have forgotten to add something crucial.
Answers:
My colleague found the issue.
In my settings.py file my config for ACCOUNT_AUTHENTICATION_METHOD is set to email.
settings.py:
ACCOUNT_AUTHENTICATION_METHOD = "email"
So the HTTP command should look like this:
http http://127.0.0.1:8000/api/token/ username=email password=password
Yeah. It was that simple.
I have a question concerning the Django Rest Framework JWT auth protocol.
This issue has been coming up a lot but no suggested solution has worked for me yet.
When I try this command:
http post http://127.0.0.1:8000/api/token/ username=username password=password
or
curl -X POST -d "username=username&password=password" http://localhost:8000/api/token/
to obtain the access/refresh tokens as suggested in many tutorials, I get this error:
{
"detail": "No active account found with the given credentials"
}
-
I have created a superuser
-
My users are all is_active = True
-
My passwords are hashed in the database
-
I have AUTH_USER_MODEL = ‘my_app_name.User’ in settings.py
-
The username/password are 100% correct.
Here is my User model:
class User(LifecycleModelMixin, AbstractUser):
public_id = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
company_name = models.CharField(max_length=100, blank=True)
job_title = models.CharField(max_length=30, blank=True)
street_address = models.CharField(max_length=100, blank=True)
street_address2 = models.CharField(
verbose_name="Street address 2", max_length=100, blank=True
)
city = models.CharField(max_length=100, blank=True)
state = models.CharField(max_length=50, blank=True)
zip = models.CharField(max_length=50, blank=True)
phone_number = PhoneNumberField(blank=True)
is_active = models.BooleanField(default=True, null=True, blank=True)
email_subscribed = models.BooleanField(default=True, null=True, blank=True)
manager = models.ForeignKey(
"self",
null=True,
blank=True,
on_delete=models.SET_NULL,
related_name="sub_users",
)
country = CountryField(blank_label="(select country)", blank=True)
contact_info = JSONField("ContactInfo", default=contact_default)
My serializer:
class UserSerializer(serializers.ModelSerializer):
def create(self, validated_data):
user = super().create(validated_data)
user.set_password(validated_data['password'])
user.save()
return user
class Meta:
model = User
fields = ('email', 'username', 'refreshToken', 'password')
extra_kwargs = {'password': {'write_only': True}}
My urls:
from rest_framework_simplejwt.views import (
TokenObtainPairView,
TokenRefreshView,
TokenVerifyView,
)
urlpatterns: List[URLPattern] = (
[
path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
path('api/token/verify/', TokenVerifyView.as_view(), name='token_verify'),
path('api-token-auth/', obtain_auth_token, name='api_token_auth'),
path("auth/", include("authapp.urls")),
]
+ static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
+ static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
)
my settings.py:
DJANGO_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
"django.contrib.sites",
"django.forms",
]
INSTALLED_APPS = [
# styling
"crispy_forms",
"crispy_tailwind",
"crispy_bootstrap5",
"widget_tweaks",
# rest framework
'rest_framework',
'rest_framework.authtoken',
#celery
"django_celery_beat",
# dev
"django_extensions",
"debug_toolbar",
# deploy
"whitenoise.runserver_nostatic",
# auth
'authapp',
'rest_framework_simplejwt',
'djoser',
"allauth",
"allauth.account",
"allauth.socialaccount",
# mail
"anymail",
# utils
"phonenumber_field",
"simple_history",
"markdownify",
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
'DEFAULT_PERMISSION_CLASSES':(
'rest_framework.permissions.IsAuthenticated',
)
}
I am out of ideas as to why this is happening. This is my first experience with Django Rest Framework, therefore I suspect I might have forgotten to add something crucial.
My colleague found the issue.
In my settings.py file my config for ACCOUNT_AUTHENTICATION_METHOD is set to email.
settings.py:
ACCOUNT_AUTHENTICATION_METHOD = "email"
So the HTTP command should look like this:
http http://127.0.0.1:8000/api/token/ username=email password=password
Yeah. It was that simple.