Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Optional authentication

See original GitHub issue

Is this already possible? Is it bad practice? If not, how difficult do you think it would it be to implement?

If you can point me in the right direction then I can try to create a PR

E.g. something along the lines of

@router.get("/secure", dependencies=[Depends(auth.implicit_scheme)])
def get_secure(
    user: Optional[Auth0User] = None
):
    return {"message": f"{user}"}

Issue Analytics

State:
Created 2 years ago
Comments:8 (6 by maintainers)

Top GitHub Comments

2reactions

dorinclisucommented, May 17, 2021

It is already supported, although you have to be extra careful.

By default auto_error = True so you will set it to false. In case of a failed authentication / authorization, auth.get_user returns None instead of raising Auth0UnauthenticatedException that triggers the typical 401 response.

auth = Auth0(...)
dangerous_auth = Auth0(..., auto_error=False)

@router.get("/secure", dependencies=[Depends(auth.implicit_scheme)])
def get_secure(
    user: Optional[Auth0User] = Security(dangerous_auth.get_user)
):
    if user is None:
       return {"message": "public user"}
    
    return {"message": f"{user}"}

Note that you can have multiple Auth0 objects in the same app, so if you have some endpoints that always need authentication (no public mixup), I recommend using the regular auth and leave dangerous_auth only for those public endpoints.

0reactions

dorinclisucommented, May 19, 2021

Released fix as 0.2.1

Top Results From Across the Web

Optional Authentication

Optional Authentication. Unlike a situation where you require authentication, you may come across certain scenarios where you can have a user logged in, ......

Optional Authentication for API?

Hi! Any tips for building an Optional Authentication Middleware for an API? I'm using Passport with Personal Tokens. I want to do something...

Support Optional Authentication Mechanisms - TechDocs

The following tasks that are related to optional authentication support are described: Create a Custom Identity Provider.

Required vs. Disabled vs. Optional Authentication

Required Authentication. The richest form of data collection · The double "opt-in" ensures your truest fans engage with you ; Disabled ...

javascript - Optional Authentication in nestjs

There is no built-in decorator but you can easily create one yourself. See the example from the docs: import { createParamDecorator } from ......