You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I found a little hole in vibe.web.auth: imagine a situation, where I want everyone to be able to access the endpoint, but still want to know, whether this is a registered users and what roles does he have.
Currently I can do:
@noAuth get() // Anyone can access, but I don't know, if he is authenticated and who he is
@anyAuth get(AuthInfo authInfo) // I do know, who the user is, but unless he is authenticated, he cannot access.
What I would like to have is:
@anyAuth get(Nullable!AuthInfo authInfo) // If user is not authenticated authInfo is Nullable.null
Suggested solution: allow an authentication method overload, which returns Nullable:
@requiresAuthentication
interfaceAPI {
// either of these two can be used
@noRoute AuthInfo authenticate(HTTPServerRequest, HTTPServerResponse);
@noRoute Nullable!AuthInfo authenticate(HTTPServerRequest, HTTPServerResponse);
// Authentication required – if there is only Nullable authenticate variant and it returns null, 401 is returned
@anyAuth get(AuthInfo auth);
// Authentication not required, but still attempted
@anyAuth get(Nullable!AuthInfo auth);
}
The text was updated successfully, but these errors were encountered:
Hello,
I found a little hole in vibe.web.auth: imagine a situation, where I want everyone to be able to access the endpoint, but still want to know, whether this is a registered users and what roles does he have.
Currently I can do:
What I would like to have is:
Suggested solution: allow an authentication method overload, which returns Nullable:
The text was updated successfully, but these errors were encountered: