Firebase backend to receive a user idToken and authenticate via Django REST Framework 'authentication.BaseAuthentication'. Optionally, a new local user can be created in the process.
Adds the option for a request without any Authorization: JWT ... header to be passed through as an AnonymousUser (per main Django auth) rather than raise an exception.
This allows views to use FirebaseAuthentication for authentication, but still have public / generally available views, via custom permissions.
A great example is a content API for a public-facing website, allowing public, unauthenticated access to the API on a read-only basis, but requiring an admin login to POST / PUT / DELETE, etc.
The option is an opt-in, configurable via settings. DRF_FIREBASE_AUTH.ALLOW_ANONYMOUS_REQUESTS so that default behaviour is unchanged.
Adds the option for a request without any
Authorization: JWT ...
header to be passed through as anAnonymousUser
(per main Django auth) rather than raise an exception.This allows views to use
FirebaseAuthentication
for authentication, but still have public / generally available views, via custom permissions.A great example is a content API for a public-facing website, allowing public, unauthenticated access to the API on a read-only basis, but requiring an admin login to
POST
/PUT
/DELETE
, etc.The option is an opt-in, configurable via
settings. DRF_FIREBASE_AUTH.ALLOW_ANONYMOUS_REQUESTS
so that default behaviour is unchanged.