Django Rest Framework authentication and Django Middleware: Why request.user is anonymous?

2 min readJan 4


When using DRF and in in the context of Django middleware I have often found to be the case that request.user is an AnonymousUser. Why is that?

It is because the DRF authentication classes are executed after all the normal Django middleware are already in their get_response stage.

class DjangoMiddleware:
def __init__(self, get_response):
self.get_response = get_response

def __call__(self, request):
# request.user is AnonymousUser
# this will eventually call DRF
response = get_response(request)
# request.user should be defined at this point
return response

If you want to setup a logger enriched with user meta data it doesn’t not make sense to wait for the response from DRF to setup things properly… So what can you do to fix that?

A simple way to hook into DRF auth system is to subclass the authentication mechanism that you use. For example let’s say you are using Django REST Framework Simple JWT plugin you can subclass it this way:

# project/

from rest_framework_simplejwt.authentication import JWTAuthentication
# request_context is a ContextVar we use to share state
from project.request_context import request_context
import sentry_sdk

class JWTAuthenticationWithSidEffects(JWTAuthentication):
DRF does its own authentication that happens after Django middleware

def authenticate(self, request):
user_auth_tuple = super().authenticate(request)

if user_auth_tuple is None:
(user, token) = user_auth_tuple

# Then you can do what need to do with the user here
context = request_context.get()
context["user_id"] = user and
context["language"] = user and not user.is_anonymous and user.language
sentry_sdk.set_context("request", context)

return (user, token)

Then substitute the old authentication class with your own

- "rest_framework_simplejwt.authentication.JWTAuthentication",
+ "project.jwt_auth.JWTAuthenticationWithSidEffects",

You should now be able to use the request_context ContextVar within DRF. For example you could use it in a special logger or have a DRF Serializer that takes advantages of the user language to return a specific translations. Here is an example on how to use it:

from django.db import models
from rest_framework import serializers
from project.request_context import request_context

class DogBreed(models.Model):
name_fr = models.CharField(max_length=255)
name_de = models.CharField(max_length=255)
name_en = models.CharField(max_length=255)

class DogBreedSerializer(serializers.ModelSerializer):
name = serializers.SerializerMethodField()

def get_name(self, instance):
if rc := request_context.get():
lang = rc.get("language") or "en"
lang = "en"
return getattr(instance, f"name_{lang}")

class Meta:
model = DogBreed
fields = ["name"]

And voilà! that should work.




A Full Stack developer trying new things.

Recommended from Medium