>From the documentation (http://www.django-rest-framework.org/api-guide/authentication/):
*Note:* Don't forget that *authentication by itself won't allow or disallow > an incoming request*, it simply identifies the credentials that the > request was made with. > ... > If no class authenticates, request.user will be set to an instance of > django.contrib.auth.models.AnonymousUser, and request.auth will be set to > None. Are you finding an instance where this is not the case? Can you post/link to some sample code to discuss further? On Tuesday, July 5, 2016 at 4:20:53 PM UTC-5, Nadya Ionova wrote: > > > Hi, > > > > Can anybody explain, why TokenAuthentication.authenticate_credentials > method raises an AuthenticationFailed exception? > > Seems, since it is an authentication method, it shouldn’t allow or > disallow an incoming request. > > On practice, user can have invalid token in cookies, but he/she still > should have access to AllowAny pages, for example. > > > Thanks for any thoughts > -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
