
I have tried to add authentication to my Rest API using OAuth Toolkit. I get to the login page and enter in my username and password then redirect to my api. I then get a message {"detail":"Authentication credentials were not provided."} I have tried looking into this and most people who have the problem seem to have missed something out of the Rest_Framework settings. I dont think I have though.

Heres my code:


LOGIN_REDIRECT_URL = '/api/users/'



urlpatterns = patterns('', url(r'^admin/', include(admin.site.urls)),
                       url(r'^accounts/login/$', auth_views.login, {'template_name': 'login.html'}),

                       url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
                       url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token'),
                       url(r'^o/', include('oauth2_provider.urls', namespace='oauth2_provider')),

                       url(r'^api/users/$', api.UserList.as_view()),
                       url(r'^api/users/(?P<pk>[0-9+]+)/$', api.UserDetail.as_view()),


@receiver(post_save, sender=User)
def init_new_user(sender, instance, signal, created, **kwargs):
    if created:

class APIEndpoint(ProtectedResourceView):
    def get(self, request, *args, **kwargs):
        return HttpResponse('Protected with OAuth2!')

class UserViewSet(viewsets.ModelViewSet):
    model = User
    serializer_class = UserSerializer

    def retrieve(self, request, pk=None):
        if pk == 'me':
            return Response(UserSerializer(request.user).data)
        return super(UserViewSet, self).retrieve(request, pk)

class UserList(generics.ListCreateAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer

class UserDetail(generics.RetrieveUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer
do any of these solutions help: stackoverflow.com/questions/14877249Fiver
I looked at those and still no luck. The only thing from there i didn't try was the WSGIPassAuthorization On as to my understanding thats if your running on a Apache server when i'm just running just virtualenv. If I'm wrong I don't know where to put the WSGIPassAuthorization OnChris Meek
You are correct, that is an Apache specific config option. Do you have oauth2_provider listing in INSTALLED_APPS in your settings file?Fiver
Hmm, the only other thing I can think of is to try switching the order of DEFAULT_AUTHENTICATION_CLASSES so that OAuth2 is first.Fiver
What is the response code that you are getting?Kevin Brown

In my case token authentication was working fine on development server and not on Apache. The reason was exactly the missing WSGIPassAuthorization On



see your settings.py, if you have


in REST_FRAMEWORK like this, it will Authenticate each time when you post.


so, delete it.


In my case, I used a permissions.IsAuthenticatedOrReadOnly permission class in my viewset, but sending a post request without login:

class MemberViewSet(viewsets.ModelViewSet):

    queryset = Member.objects.all()
    serializer_class = MemberSerializer

    permission_classes = (

    def check_activation_code(self, request):
        # my custom action which do not need login
        # I met the error in this action

So the permission checking for that permission class is failed.

Everything goes well after I remove the IsAuthenticatedOrReadOnly permission class.