Closed filipagh closed 1 year ago
In this context, `optional` is a way to make authentication optional; i.e., continue with the request even if no user is authenticated. However, it makes sense that if a user is authenticated, we should check for the required permissions, even if there is the `optional` flag.
If you want to check for permissions without raising any 401/403 error, you can manually check for them in your route handler and do what you need to, like enabling some features. For example:
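```python
from typing import Optional

from fastapi import Depends
from fief_client import FiefAccessTokenInfo

# `app` (FastAPI) and `auth` (FiefAuth) are assumed to be defined elsewhere.
@app.get("/optional-user")
async def get_optional_user(
    access_token_info: Optional[FiefAccessTokenInfo] = Depends(
        auth.authenticated(optional=True)
    ),
):
    # access_token_info is None when no user is authenticated
    if access_token_info is not None and "my_permission" in access_token_info["permissions"]:
        # Enable feature
        ...
    return {"hello": "world"}
```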
OK, I was not sure if it's intended or not.
I will use the example you provided, thanks.
https://github.com/fief-dev/fief-python/blob/dc093cd0d02d80e94a6767e769a9287830fb32f7/fief_client/integrations/fastapi.py#L182
To find out if a token has specific permissions without making a request to Fief, I use the Fief authenticated function with the optional param, but it will always fail with 403 Forbidden.
I think in the mentioned code the last except should also return null if optional is True.
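
The two behaviours discussed in this thread, side by side, as an added example that is not part of the original thread and not fief_client code: `dependency_check` is a plain-Python model of enforcement at the dependency (anonymous passes with `optional`, an authenticated user missing a permission still gets 403), and `granted` is a handler-side check that never raises. All names and the sample token infos are hypothetical; only the `permissions` key from the thread is assumed.

```python
from typing import Iterable, Optional, Set


class Unauthorized(Exception):
    """Stands in for an HTTP 401 response."""


class Forbidden(Exception):
    """Stands in for an HTTP 403 response."""


def dependency_check(info: Optional[dict], required: Iterable[str], optional: bool) -> Optional[dict]:
    """Model of the behaviour described in this thread (assumption, not library code)."""
    if info is None:
        if optional:
            return None  # anonymous request is allowed to continue
        raise Unauthorized("no valid access token")
    # A token is present: required permissions are enforced even when optional=True.
    missing = set(required) - set(info.get("permissions", []))
    if missing:
        raise Forbidden(f"missing permissions: {sorted(missing)}")
    return info


def granted(info: Optional[dict], wanted: Iterable[str]) -> Set[str]:
    """Handler-side check: never raises; anonymous or malformed token info grants nothing."""
    if not info:
        return set()
    perms = info.get("permissions")
    if not isinstance(perms, (list, tuple, set)):
        return set()  # fail closed on an unexpected shape
    return set(wanted) & set(perms)


def handle_optional_user(info: Optional[dict]) -> dict:
    """Hypothetical handler body: base response for everyone, extra feature gated."""
    response = {"hello": "world"}
    if "my_permission" in granted(info, ["my_permission"]):
        response["feature"] = "enabled"
    return response


# Constructed sample token infos (only the "permissions" key is used here).
ANONYMOUS = None
READER = {"permissions": ["other_permission"]}
PRIVILEGED = {"permissions": ["my_permission"]}
```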