0
votes

So I've created a register page that allows visitors to register an account on my website. These accounts have no staff status or administrative privileges.

I've also created a login page that takes the username and password and sends an ajax post request to an auth url. The url links to obtain_jwt_token (django-rest-framework-jwt's view) which checks the username and password and then returns a jwt token to the visitor's localstorage.

This is all fine and dandy, and it works well. Only problem is... well it works only for administrator accounts. For some reason the accounts with no staff status aren't validated.

Json Web Tokens aren't returned for these accounts.

Is this an issue with django.admin.auth? or is it an issue with drt-jwt?

Is drt-jwt using the django admin page to authenticate users? Because that's not what I want. I don't just want admins to be able to log in to my website.

1

1 Answers

0
votes

Found the issue. My account api allowed bad passwords to fall through, so my users model wasn't able to log that password.