0

I'm trying to follow a tutorial on the Django OAuth Toolkit: https://django-oauth-toolkit.readthedocs.io/en/latest/tutorial/tutorial_03.html. The instructions say to update de MIDDLEWARE as follows:

MIDDLEWARE = (
    '...',
    # If you use SessionAuthenticationMiddleware, be sure it appears before OAuth2TokenMiddleware.
    # SessionAuthenticationMiddleware is NOT required for using django-oauth-toolkit.
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'oauth2_provider.middleware.OAuth2TokenMiddleware',
    '...',
)

In my current project generated using startproject in Django 2.0.1, however, I see both SessionMiddleware and AuthenticationMiddleware, but no SessionAuthenticationMiddleware:

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    # 'oauth2_provider.middleware.OAuth2TokenMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

Where should I put the OAuth2TokenMiddleware? After AuthenticationMiddleware as in the commented-out line?

Kurt Peek
  • 52,165
  • 91
  • 301
  • 526

1 Answers1

1

The SessionAuthenticationMiddleware class has been removed - session authentication was unconditionally enabled in 1.10.

(see: https://docs.djangoproject.com/en/2.0/releases/2.0/#miscellaneous)

i.e. yes, it should come after AuthenticationMiddleware

Tom
  • 688
  • 13
  • 29