indigo-dc / flaat

FLAsk with Access Tokens - FLAAT
MIT License

Strict mode off does not work #59

Closed BorjaEst closed 10 months ago

BorjaEst commented 2 years ago

See the following code example with flask (but probably extensible to all frameworks).

from flaat.flask import Flaat
from flask import Flask

app = Flask(__name__)
flaat = Flaat()

@app.route("/info", methods=["GET"])
@flaat.inject_user_infos(strict=False)  # Doesn't fail if no user
def info(user_infos=None):
    return user_infos.toJSON() if user_infos else "No userinfo"

app.run()

Then if you GET the endpoint info:

$ curl localhost:5000/info
{"error": "Unauthenticated", "error_description": "No authorization header"}

It shows the error was raised and we get Unauthenticated, where according to the docs it should return the defined response ("No userinfo" in this case).

BorjaEst commented 2 years ago

For those wondering about this behavior, it looks like it is due to the lack of a token. If you try the following it passes:

$ curl -H "Authorization: Bearer random_string" localhost:5000/info
No userinfo

Note that random_string is an actual RANDOM string, not intended to be a token. The validation is disabled so the authentication passes.

Now the question is if this is the desired behavior (where I am out of topic so I am closing the issue).
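The following is an added example, not code from flaat or from anyone in this thread. It is a stand-alone decorator that reproduces the semantics the two comments above describe: in non-strict mode a missing header and an unverifiable token must both reach the view with user_infos=None, while strict mode rejects both. The validator, the token values and the headers-dict interface (used instead of a Flask request so it runs offline) are all constructed stand-ins for the real token introspection; the function and variable names are hypothetical.

```python
from functools import wraps
from typing import Callable, Dict, Optional

# Constructed stand-in for a token-validation backend: maps an accepted bearer
# token to the user info it represents. Real code would validate the token
# against the OIDC provider rather than doing a dictionary lookup.
KNOWN_TOKENS: Dict[str, dict] = {
    "valid-token-example": {"sub": "user-123", "name": "Example User"},
}


class Unauthenticated(Exception):
    """Raised when strict mode finds no usable token."""


def parse_bearer(headers: Dict[str, str]) -> Optional[str]:
    """Return the bearer token from an Authorization header, or None if it is absent or malformed."""
    value = headers.get("Authorization")
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def validate_token(token: str) -> Optional[dict]:
    """Stand-in validator: user info for a known token, None for anything else."""
    return KNOWN_TOKENS.get(token)


def inject_user_infos(strict: bool = True) -> Callable:
    """Hypothetical decorator with the semantics the issue expects.

    strict=True : missing or invalid token -> raise Unauthenticated.
    strict=False: missing or invalid token -> call the view with user_infos=None.
    A random string is never turned into an identity; it degrades to None.
    """
    def decorator(view: Callable) -> Callable:
        @wraps(view)
        def wrapper(headers: Dict[str, str], *args, **kwargs):
            token = parse_bearer(headers)
            user_infos = validate_token(token) if token is not None else None
            if user_infos is None and strict:
                reason = "No authorization header" if token is None else "Token validation failed"
                raise Unauthenticated(reason)
            return view(*args, user_infos=user_infos, **kwargs)
        return wrapper
    return decorator


@inject_user_infos(strict=False)
def info_lenient(user_infos=None):
    # The view must branch on None: non-strict mode guarantees nothing about the caller.
    return f"Hello {user_infos['name']}" if user_infos else "No userinfo"


@inject_user_infos(strict=True)
def info_strict(user_infos=None):
    return f"Hello {user_infos['name']}" if user_infos else "No userinfo"


def strict_rejects(headers: Dict[str, str]) -> Optional[str]:
    """Return the rejection reason strict mode produces for these headers, or None if accepted."""
    try:
        info_strict(headers)
    except Unauthenticated as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # The three requests from the thread: no header, a random bearer string, a valid token.
    print(info_lenient({}))                                            # No userinfo
    print(info_lenient({"Authorization": "Bearer random_string"}))     # No userinfo
    print(info_lenient({"Authorization": "Bearer valid-token-example"}))
    print(strict_rejects({}))                                          # No authorization header
```

The design point is that non-strict mode only changes what happens after validation fails; it never skips validation, so an arbitrary string in the header ends up as user_infos=None exactly like a missing header, and the view is the place that decides what an anonymous caller may see.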

marcvs commented 10 months ago

Works thanks to #75