Can't use multiple authentication classes

[nancyhawa]

I'm trying to allow two different forms of authentication and am listing them as authentication classes in my views file like so:

authentication_classes = (JSONWebTokenAuthentication, MyCustomAuthentication,)

I'm finding that either one works on it's own, but that if I try to use both, it will either authenticate or return a 401 based on the FIRST authentication class listed, instead of as this document suggests, iterating through them and returning the values for the first class for which it successfully authenticates. http://www.tomchristie.com/rest-framework-2-docs/api-guide/authentication

Do you have an idea of why that might be?

[douglashall]

I have also noticed this behavior and it seems like this line is the problem:

https://github.com/encode/django-rest-framework/blob/master/rest_framework/request.py#L379

Re-raising the exception there does not seem to be inline with the documented or intended behavior.

[douglashall]

Actually, nevermind. If the authentication class returned None instead of raising an exception this would work as expected. I think my underlying problem is that I am using django-rest-framework-jwt which raises the exception I am running into.

[nkman]

Chained N "AND" authentication classes can be made to run only if first N-1 classes return either None or exceptions and last class return exception or tuple.