Auth0 docs contain boilerplate ready-to-use code (Auth0 Python API SDK Quickstarts: Authorization) that can be used to allow requests to certain routes only by authenticated users.
What we would like to do is to have a route decide if it requires auth based on the info contained in the request itself:
- If the request contains an authorization header and token, then require auth as per “@requires_auth” decorator (check that token is valid, and so on)
- If the request DOESN’T contain an authorization header and token, skip “@requires_auth” (the code related to this route will behave differently in that case)
Is this possible?
```python
# This needs authentication
@APP.route("/api/private")
@cross_origin(headers=["Content-Type", "Authorization"])
@requires_auth
def private():
    response = "Hello from a private endpoint! You need to be authenticated to see this."
    return jsonify(message=response)
```
For example, in the above code (example code by Auth0), we’d like to modify the “/api/private” route such that, if the request doesn’t contain an authorization header and token, the @requires_auth requirement is skipped, and the code does something else instead for that route.
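
One way to get the behaviour asked about above, as an added example that is not part of the original post and is not Auth0's code: a decorator that runs the route anonymously when no Authorization header is sent, but rejects the request outright when a header is sent and is malformed or fails validation. The names `optional_auth`, `get_auth_header`, `verify_token`, `fake_verify` and `handle` are hypothetical; `verify_token` stands in for the token validation that `@requires_auth` performs, and in a Flask app `get_auth_header` would read `request.headers.get("Authorization")`.

```python
import functools

class AuthError(Exception):
    """Raised when a presented credential is malformed or invalid."""
    def __init__(self, error, status_code=401):
        super().__init__(error)
        self.error, self.status_code = error, status_code

def optional_auth(get_auth_header, verify_token):
    """Build a decorator: validate the bearer token if one is sent, else run anonymously.

    get_auth_header() -> str or None        (hypothetical hook)
    verify_token(token) -> claims dict, raising AuthError on failure (hypothetical hook)
    """
    def decorator(view):
        @functools.wraps(view)
        def wrapper(*args, **kwargs):
            header = get_auth_header()
            if header is None:
                # No credential presented: anonymous branch, no claims attached.
                return view(*args, current_user=None, **kwargs)
            # A header was sent, so it must be fully valid. Never downgrade a
            # bad or malformed token to the anonymous branch.
            parts = header.split()
            if len(parts) != 2 or parts[0].lower() != "bearer":
                raise AuthError("invalid_header", 401)
            return view(*args, current_user=verify_token(parts[1]), **kwargs)
        return wrapper
    return decorator

# --- constructed demo wiring, runs offline (not Auth0 code) ---
_VALID = {"good-token": {"sub": "auth0|constructed-user"}}  # constructed sample data

def fake_verify(token):
    """Stand-in verifier: accepts only the constructed token above."""
    if token not in _VALID:
        raise AuthError("invalid_token", 401)
    return _VALID[token]

def handle(header):
    """Simulate one request carrying the given Authorization header value."""
    @optional_auth(lambda: header, fake_verify)
    def private(current_user=None):
        if current_user is None:
            return "public view"
        return "private view for " + current_user["sub"]
    return private()
```

The route body has to treat `current_user=None` as an untrusted caller and return only what an unauthenticated client may see.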