How to store data into a model associated with the current user?

Question

In my frontend i'm logging into another app's api in the browser, I'm then redirected back to my app, that hits a View in my backend which gets a code from the other app's api, sends code back in a post request then receives an access token and stores it in a model associated with the current user.

My problem is that after the user gives permission to other app in the browser it redirects back to my backend view without the users token in the header so if i have permissions_classes set it wont allow user to access that view... but if i take the permissions_classes off, the view won't know who the current user is.

View #1 that prepares the other app's API url:

class getAPIAuthURL(APIView):
    authentication_class = [authentication.TokenAuthentication]
    permission_class = [permissions.IsAuthenticated]

    def get(self, request):
        scopes = 'scopes'

        url = Request('GET', 'https://accounts.api.com/authorize',
                      params={
                          'scope': scopes,
                          'response_type': 'code',
                          'redirect_uri': REDIRECT_URL,
                          'client_id': CLIENT_ID
                      }
                      ).prepare().url
        return Response(url, status=status.HTTP_200_OK)

View #2 that gets data and stores it in model (this is the REDIRECT_URL from previous view):

class APICallback(APIView):
    authentication_class = [authentication.TokenAuthentication]
    permission_class = [permissions.IsAuthenticated]

    def api_callback(request, format=None):
        code = request.GET.get('code')

        if not code:
            return Response({'Error': 'Code not found in request'}, status=status.HTTP_400_BAD_REQUEST)

        response = post('https://accounts.api.com/api/token', data={
            'code': code,
        }).json()

        print(response)

        user = request.user
        access_token = response.get('access_token')

        token = APITokenModel(user=user, access_token=access_token)

        token.save()

        return redirect('frontend')

I have other Views that make requests and it has been able to get the token to know who the user is, but when this View is called I get a 401 Unauthorized error.

How do I let Django know the token I'm receiving from the other app's api belongs to the current user?

also... when I take off permissions and authentication class from the View it returns the user as Anonymous User

Answer 1

First, what authentication class are you using? You should know that your TokenAuthentication class uses the Authorization header in your request to authenticate you. If that's not been passed then you should fix that.

It would be worth knowing that you don't send auth tokens as GET and should not be sent as those. Unless of course you want to write an Authentication class of your own.

EDIT In lieu of our discuss in the comments, try this redirect...

# import the class
from django.http import HttpResponseRedirect
# now redirect
return HttpResponseRedirect(redirect_to="url", headers=dict)