Open mike-lloyd03 opened 2 years ago
+1
It looks like #205 was removed in #264. Been poking around most of the morning on how to impl WithRequest
as the PR mentions but can't seem to get it. Would greatly appreciate any insight on how to do this.
As I discovered, if you want to use optional auth extractor, just make BearerAuth
be an option in your validator and use HttpAuthentication::with_fn
function instead of HttpAuthentication::bearer
.
use actix_web::{App, HttpServer}; // version 4.2.1
use actix_web_httpauth::middleware::HttpAuthentication; // version 0.8.0
pub async fn validator(
req: ServiceRequest,
credentials: Option<BearerAuth>,
) -> Result<ServiceRequest, (Error, ServiceRequest)> {
...
}
HttpServer::new(move || {
App::new()
.wrap(HttpAuthentication::with_fn(validator))
...
})
Just tried this and works beautifully. Thank you @mohsenpakzad! I think it would be a good idea to add this as official example code.
I tried to ask this question on the Gitter channel linked in the new issue form but it appears to be dead.
I am trying to implement two optional forms of authentication on my REST API: cookie (using actix-session) and bearer token (using actix-web-httpauth). My thought would be to check if the
Authorization: Bearer <token>
header is present first, if it isn't, then allow the request to be handled by the session middleware. However, I see no way to handle the case where the bearer header is missing without returning a 401. I see the idea of an optional auth header has been raised a few times (#156 , #137 , #6 ) and it was suggested that there are existing methods to handle this and such a feature won't be implemented. However, I wasn't able to find any way to achieve this.I see an "optional auth extractor" was merged in #205 but I'm not clear on how to use this as there's nothing in the documentation referring to it.
Can someone please describe a way to implement multiple authentication methods?