Let callback decide what to do when authentication type does not match

miguelgrinberg · Mar 12, 2016 · b942f98 · b942f98
1 parent f83a5c2
commit b942f98
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/flask_httpauth.py b/flask_httpauth.py
@@ -68,8 +68,12 @@ def decorated(*args, **kwargs):
                     # The Authorization header is either empty or has no token
                     pass
 
+            # if the auth type does not match, we act as if there is no auth
+            # this is better than failing directly, as it allows the callback
+            # to handle special cases, like supporting multiple auth types
             if auth is not None and auth.type.lower() != self.scheme.lower():
-                return self.auth_error_callback()
+                auth = None
+
             # Flask normally handles OPTIONS requests on its own, but in the
             # case it is configured to forward those to the application, we
             # need to ignore authentication headers and let the request through