From f2a61dc08d6d0aff17337a3892eed2b41c35d7f9 Mon Sep 17 00:00:00 2001
From: Feanil Patel <feanil@axim.org>
Date: Thu, 20 Jul 2023 15:02:34 -0400
Subject: [PATCH] feat: Add JwtAuthentication as a default DRF auth class.

By default DRF sets 'DEFAULT_AUTHENTICATION_CLASSES' to:

```
[
    'rest_framework.authentication.SessionAuthentication',
    'rest_framework.authentication.BasicAuthentication'
]
```

We also want to allow for JWT Authentication as a valid default auth
choice.  This will allow users to send JWT tokens in the authorization
header to any existing API endpoints and access them. If any APIs have
set custom authentication classes, this will not override that.

I believe this is a fairly safe change to make since it only adds one
authentication class and does not impact authorization of any of the
endpoints that might be affected.

Note: This change changes the default for both the LMS and CMS because
`cms/envs/common.py` imports this value from the LMS.
---
 lms/envs/common.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lms/envs/common.py b/lms/envs/common.py
index 5cd3a0c06c2d..8d47ecdf704a 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -3294,6 +3294,11 @@ def _make_locale_paths(settings):  # pylint: disable=missing-function-docstring
     'DEFAULT_RENDERER_CLASSES': (
         'rest_framework.renderers.JSONRenderer',
     ),
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'edx_rest_framework_extensions.auth.jwt.authentication.JwtAuthentication',
+        'rest_framework.authentication.SessionAuthentication',
+        'rest_framework.authentication.BasicAuthentication'
+    ],
     'EXCEPTION_HANDLER': 'openedx.core.lib.request_utils.expected_error_exception_handler',
     'PAGE_SIZE': 10,
     'URL_FORMAT_OVERRIDE': None,