You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is expected behavior, the auth schemes only have documentation purposes (and allow swagger UI to obtain the token) and do not involve any verification on fastapi side. This happens exclusively in auth.get_user.
In your case, you can do this to secure the endpoint:
When securing endpoint only by decorator dependencies, it doesn't secure it at all...
Here is the relevant code rip:
I'm expecting to get 403 when I don't send any Authorization header, but i get 200:
curl --location --request GET 'http://localhost:8000/templates'
Only when I use auth.get_user as a parameter for
list_templates
function like this:I get 403 when not sending Authorization header.
So, am I missing something? or do I have to use user for authentication will invoke?
The text was updated successfully, but these errors were encountered: