How to implement multiple auth methods #295
Comments
|
+1 |
|
As I discovered, if you want to use optional auth extractor, just make use actix_web::{App, HttpServer}; // version 4.2.1
use actix_web_httpauth::middleware::HttpAuthentication; // version 0.8.0
pub async fn validator(
req: ServiceRequest,
credentials: Option<BearerAuth>,
) -> Result<ServiceRequest, (Error, ServiceRequest)> {
...
}
HttpServer::new(move || {
App::new()
.wrap(HttpAuthentication::with_fn(validator))
...
}) |
|
Just tried this and works beautifully. Thank you @mohsenpakzad! I think it would be a good idea to add this as official example code. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I tried to ask this question on the Gitter channel linked in the new issue form but it appears to be dead.
I am trying to implement two optional forms of authentication on my REST API: cookie (using actix-session) and bearer token (using actix-web-httpauth). My thought would be to check if the
Authorization: Bearer <token>header is present first, if it isn't, then allow the request to be handled by the session middleware. However, I see no way to handle the case where the bearer header is missing without returning a 401. I see the idea of an optional auth header has been raised a few times (#156 , #137 , #6 ) and it was suggested that there are existing methods to handle this and such a feature won't be implemented. However, I wasn't able to find any way to achieve this.I see an "optional auth extractor" was merged in #205 but I'm not clear on how to use this as there's nothing in the documentation referring to it.
Can someone please describe a way to implement multiple authentication methods?
The text was updated successfully, but these errors were encountered: