django-ninja
django-ninja copied to clipboard
Authentications with logical operators
Hi, ninja is really cool project, thank you for that!
The issue: swagger allows us to combine different authentications using logical operators, but ninja allows us to use them only with OR operator. (using the first suitable authentication). But sometimes we need to use all authentications, for example, I need to use secret authentication for all queries AND Bearer authorization for most endpoints. Could you please add this functionality.
Now I am using middlewares for these purposes, but they don't appear in swagger :(
https://github.com/vitalik/django-ninja/blob/4e7fc53e57f98c21bf63da7d6b00688dee6185c0/ninja/operation.py#L137 the reference in source code, where the auth checking comes in
Hey, Alexander! Curious proposal.
The non-obvious part is what's being expected in request.auth
. In current version it's the first true authentication result as checks are performed in order. With AND and OR operators that order is counter-intuitive. For example, with "(true1 AND true2) OR (false1 AND true3) OR true4
" the request.auth
could be true1
, as well as true2
and true4
.
https://swagger.io/docs/specification/authentication/ Using Multiple Authentication Types