The problem is that I get 401 with swagger and also with openedx client. My API user is superuser so I’m sure it has access to all data. Looking into the code for this endpoint I found:
class EnrollmentAllowedView(APIView):
"""
A view that allows the retrieval and creation of enrollment allowed for a given user email and course id.
"""
authentication_classes = (
JwtAuthentication,
)
permission_classes = (permissions.IsAdminUser,)
throttle_classes = (EnrollmentUserThrottle,)
serializer_class = CourseEnrollmentAllowedSerializer
This is the view responsible for the said endpoint. As the code says, it only accepts JWT auth and unlike the EnrollmentListView(APIView, ApiKeyPermissionMixIn) view, it doesn’t inherit from ApiKeyPermissionMixIn which causes the rest client to fail, I guess. Please guide me on using JWT auth with API user or any other way of getting a list of allowed enrolls for a course.
There is also DEBUG level logging for JWT authentication errors which may help. Unfortunately, it may just give a generic error, but maybe the stacktrace will help. The error message has been improved, but this is in a newer version of edx-drf-extensions. Here is the latest version of JwtAuthentication, but you’d need to see what version quince is running,
I tried getting a JWT token as said in the docs and it worked. Thank you. Also for using with the rest client, you need to set bearer=False when initiating the client.
But is there any specific reason for this endpoint not supporting ApiKeyPermissionMixIn? Honestly this inconsistency is kinda confusing. Specially when there is no proper documentation for this endpoint authentication class, not even in swagger. I expected this endpoint to accept bearer api key like other endpoints that I’d used before but suddenly I got 401 and had to look into the code to find the issue.
So, is there any plan for deprecating bearer api key or just that the guys forgot to add it or any other reason? : )