django-ninja icon indicating copy to clipboard operation
django-ninja copied to clipboard

Published 20 hours ago • verified publisher icon vitalik

Authentications with logical operators

Open lololozhkin opened this issue 2 years ago • 2 comments

Hi, ninja is really cool project, thank you for that!

The issue: swagger allows us to combine different authentications using logical operators, but ninja allows us to use them only with OR operator. (using the first suitable authentication). But sometimes we need to use all authentications, for example, I need to use secret authentication for all queries AND Bearer authorization for most endpoints. Could you please add this functionality.

Now I am using middlewares for these purposes, but they don't appear in swagger :(

https://github.com/vitalik/django-ninja/blob/4e7fc53e57f98c21bf63da7d6b00688dee6185c0/ninja/operation.py#L137 the reference in source code, where the auth checking comes in

lololozhkin avatar Aug 10 '21 09:08 lololozhkin

Hey, Alexander! Curious proposal.

The non-obvious part is what's being expected in request.auth. In current version it's the first true authentication result as checks are performed in order. With AND and OR operators that order is counter-intuitive. For example, with "(true1 AND true2) OR (false1 AND true3) OR true4" the request.auth could be true1, as well as true2 and true4.

igoose1 avatar Aug 10 '21 19:08 igoose1

https://swagger.io/docs/specification/authentication/ Using Multiple Authentication Types

vitalik avatar Nov 24 '23 13:11 vitalik