Authentication with JWT is not fully stateless

[922tech]

In rest_framework_simplejwt.authentication.JWTAuthentication.authenticate there is a line like this:

return self.get_user(validated_token), validated_token

Even if the user's request has the valid credentials(the JWT) in the header, this line does not authenticate the user and responds with status code 401(see the picture).
This can be a problem when you have the user data in another service's database.
Is that OK to override authenticate method somehow that it would no longer require the users' database table?

[AlexanderNeilson]

Hi MartinHave you checked out the documentation on stateless use?Possibly not switching the backend for auth to use the stateless backend so it’s trying to use the stateful mode instead?django-rest-framework-simplejwt.readthedocs.ioDepending on the version you use there is a note on that page re old naming. But it looks like you have spotted the code in the stateful auth mode. RegardsAlexanderAlexander NeilsonNeilson Productions Limited021 329 ***@***.*** 15 Dec 2024, at 00:21, martin aras ***@***.***> wrote: In rest_framework_simplejwt.authentication.JWTAuthentication.authenticate there is a line like this: return self.get_user(validated_token), validated_token Even if the user's request has the valid credentials(the JWT) in the header, this line does not authenticate the user and responds with status code 401(see the picture). This can be a problem when you have the user data in another service's database. Is that OK to override authenticate method somehow that it would no longer require the users' database table? image.png (view on web) —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[922tech]

Thanks!
using rest_framework_simplejwt.authentication.JWTStatelessUserAuthentication did solve my problem.