Can Auth0 M2M Token Be Used To Send POST Requests?

Hi @mathiasconradt,

Just sort of trialed and tested my way through and sort of found a viable working answer after 7 days of testing. Hopefully this solution may help someone else in the process.

However, at this juncture, I have to say I only did 1-3 successful testing sessions and the solution has not been vigorously tested. But it worked out in every single one of the tests so far.


Basically, here are some key pointers:

  1. POST request submissions are possible through use of JWT Tokens, just that there is a very specific method to get it working.
  2. Use of Classes within a Django Rest Framework based server will not work when ‘permission_classes((IsAuthenticated, ))’ and ‘authentication_classes((JSONWebTokenAuthentication,))’ are enabled, but will work when they are disabled if you are using Django at the backend.
  3. Use of API_View codes in views.py will be the working solution to allow both ‘permission_classes((IsAuthenticated, ))’ and ‘authentication_classes((JSONWebTokenAuthentication,))’ to be enabled altogether.
  4. In the send request with a React Frontend, either with AXIOS or FETCH, it does seem to highly work when you include “Content-Type”: “application/x-www-form-urlencoded” instead of “Content-Type”: “application/json” in your POST request Headers.

Sample Key Codes to Take Note:

A. FRONTEND — REACT

// HANDLES "POST" REQUESTS CONFIGS
let postBackendConfig = {
    headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        Authorization: process.env.REACT_APP_JWT_AUTH0_HEADER + " " + auth0Token,
    },
};

B. BACKEND — DJANGO REST FRAMEWORK

views.py

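# Assumption: JSONWebTokenAuthentication is from rest_framework_jwt and the serializer lives in .serializers
from django.http import JsonResponse
from rest_framework.decorators import api_view, authentication_classes, permission_classes
from rest_framework.parsers import JSONParser
from rest_framework.permissions import IsAuthenticated
from rest_framework_jwt.authentication import JSONWebTokenAuthentication

from .serializers import SubmissionsSerializer


# api_view must be the outermost decorator: the two decorators below only
# attach attributes to the function, and api_view is what enforces them.
# Views built by api_view are already CSRF-exempt, so csrf_exempt is not needed.
@api_view(['POST'])
@authentication_classes((JSONWebTokenAuthentication,))
@permission_classes((IsAuthenticated,))
def newsubmission(request):
    # Parse the raw body as JSON regardless of the Content-Type header.
    data = JSONParser().parse(request)
    serializer = SubmissionsSerializer(data=data)
    if serializer.is_valid():
        serializer.save()
        return JsonResponse(serializer.data, status=201)
    return JsonResponse(serializer.errors, status=400)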

One last key item to take note is with your sending / receiving Authorization Header, which is very critical to ensure that all this code works as well.

The following is an example for you to review your own code, as it is one of the common issues individuals face while using JWT Tokens. I believe as long as both ends are the same, be it “JWT” or “Bearer” it will still work, but it will be highly recommended to use only either of “JWT” or “Bearer” as your options:


A. FRONTEND — REACT — SENDER AUTHORIZATION HEADER

Authorization: "JWT " + auth0Token,

B. BACKEND — DJANGO REST FRAMEWORK — RECEIVER AUTHORIZATION HEADER


settings.py


# JWT settings
JWT_AUTH = {
    # ...
    'JWT_AUTH_HEADER_PREFIX': "JWT",
    # ...
}

Really appreciate the help and support provided so far! Thank you so much! :wink:

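The prefix matching described in the post above, as an added example that is not part of the original post or of any library's code: a stand-alone Python model of a receiver comparing the Authorization scheme against its configured prefix. `extract_token`, `diagnose`, `HeaderError` and the sample token are hypothetical names and constructed values, and treating a scheme mismatch as "no credentials" is an assumption of this model.

```python
# Added example: stand-alone model of an Authorization-header prefix check.
# extract_token, diagnose and HeaderError are hypothetical names, not a library API.


class HeaderError(Exception):
    """Header used the expected prefix but is malformed."""


def extract_token(header, expected_prefix="JWT"):
    """Return the token if the header uses expected_prefix, else None.

    Assumption: a different scheme is treated as "no credentials for this
    authenticator" (None), so the request stays anonymous and an
    IsAuthenticated-style permission check then rejects it.
    """
    parts = (header or "").split()
    if not parts or parts[0].lower() != expected_prefix.lower():
        return None
    if len(parts) == 1:
        raise HeaderError("no credentials after the prefix")
    if len(parts) > 2:
        raise HeaderError("token must not contain spaces")
    return parts[1]


def diagnose(header, expected_prefix="JWT"):
    """Explain why a header would or would not yield a token."""
    try:
        token = extract_token(header, expected_prefix)
    except HeaderError as exc:
        return "malformed: %s" % exc
    if token is not None:
        return "ok"
    if not (header or "").strip():
        return "missing header"
    return "prefix mismatch: sent %r, receiver expects %r" % (
        header.split()[0], expected_prefix)


# Constructed sample value, not a real token.
SAMPLE = "aaa.bbb.ccc"

if __name__ == "__main__":
    for hdr in ("JWT " + SAMPLE, "Bearer " + SAMPLE, "jwt " + SAMPLE, "JWT", None):
        print(repr(hdr), "->", diagnose(hdr))
```

In this model a "Bearer" header sent to a receiver configured for "JWT" is indistinguishable from a request with no credentials, which is why a prefix mismatch shows up as an authentication failure rather than as an invalid-token error.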