-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to implement multiple auth methods #295
Comments
+1 |
As I discovered, if you want to use optional auth extractor, just make use actix_web::{App, HttpServer}; // version 4.2.1
use actix_web_httpauth::middleware::HttpAuthentication; // version 0.8.0
pub async fn validator(
req: ServiceRequest,
credentials: Option<BearerAuth>,
) -> Result<ServiceRequest, (Error, ServiceRequest)> {
...
}
HttpServer::new(move || {
App::new()
.wrap(HttpAuthentication::with_fn(validator))
...
}) |
Just tried this and works beautifully. Thank you @mohsenpakzad! I think it would be a good idea to add this as official example code. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I tried to ask this question on the Gitter channel linked in the new issue form but it appears to be dead.
I am trying to implement two optional forms of authentication on my REST API: cookie (using actix-session) and bearer token (using actix-web-httpauth). My thought would be to check if the
Authorization: Bearer <token>
header is present first, if it isn't, then allow the request to be handled by the session middleware. However, I see no way to handle the case where the bearer header is missing without returning a 401. I see the idea of an optional auth header has been raised a few times (#156 , #137 , #6 ) and it was suggested that there are existing methods to handle this and such a feature won't be implemented. However, I wasn't able to find any way to achieve this.I see an "optional auth extractor" was merged in #205 but I'm not clear on how to use this as there's nothing in the documentation referring to it.
Can someone please describe a way to implement multiple authentication methods?
The text was updated successfully, but these errors were encountered: