getting 401 for invalid token not 403

Hamed Salimian

Feb 7, 2018, 2:29:29 AM
to Django REST framework
Hi
In the documentation it is mentioned: "By default this exception results in a response with the HTTP status code "401 Unauthenticated", but it may also result in a "403 Forbidden" response, depending on the authentication scheme in use."

I am using TokenAuthentication and getting 403 for an invalid token instead of 401. In the official docs or other docs I couldn't find the way to handle this. Below is my scheme; is there any problem?

tnx

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
    'UPLOADED_FILES_USE_URL': False,

    'DEFAULT_PAGINATION_CLASS': None,
    'PAGE_SIZE': DEFAULT_PAGE_SIZE,  # For views using PageNumberPagination
}

Xavier Ordoquy

Feb 7, 2018, 4:27:35 AM
to django-res...@googlegroups.com
Hi,

The documentation also says that it will use the first scheme to figure out whether it should respond with a 401 or 403, and SessionAuthentication will return a 403 upon an unauthenticated, unauthorized request.
I provided the links in a similar SO response.

Regards,
Xavier,
Linovia.

