-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for multiple authentication challenges in WWW-Authenticate header #9242
base: master
Are you sure you want to change the base?
Conversation
cc3a7e2
to
525979e
Compare
@@ -8,3 +8,4 @@ class RestFrameworkConfig(AppConfig): | |||
def ready(self): | |||
# Add System checks | |||
from .checks import pagination_system_check # NOQA | |||
from .checks import www_authenticate_behavior_setting_check # NOQA |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this line necessary? In my local build I was able to trigger the new error without it; I merely copied the pattern from the line above in my PR.
I am not sure what benefit this will provide? |
DRF supports having multiple alternative authentication schemes (which is great), but is not announcing that in the 401 |
Essentially, the value is in fulfilling the RFC's description of |
This adds a setting to enable emitting a comma-separated list of challenges in the
WWW-Authenticate
header that is returned with a 401 response.Fixes #7328 and resolves #7812.