Python flask route: How to have a conditional "@requires_auth", based on presence or not of authorization header

Auth0 docs contain boilerplate ready-to-use code (Auth0 Python API SDK Quickstarts: Authorization) that can be used to allow requests to certain routes only by authenticated users.

What we would like to do, is to have a route decide if it requires auth based on the info contained in the request itself:

  • If the request contains an authorization header and token, then require auth as per “@requires_auth” decorator (check that token is valid, and so on)
  • If the request DOESN’T contain an authorization header and token, skip "@requires_auth (the code related to this route will behave differently in that case)

Is this possible?

# This needs authentication
@cross_origin(headers=["Content-Type", "Authorization"])
def private():
    response = "Hello from a private endpoint! You need to be authenticated to see this."
    return jsonify(message=response)

For example, in the above code (example code by auth0), we’d like to modify “/api/private” route such that, if the request doesn’t contain authorization header and token, @requires_auth requirement is skipped, and the code does something else instead for that route.