Advanced Auth¶
Multiple Auth Backends¶
Sometimes you’ll want to use multiple auth backends to protect the same endpoints. An example is using Session Auth for web users and Token Auth for mobile app users.
You can do this using AuthenticationBackendJunction
which wraps multiple
AuthenticationBackend
subclasses, and tries each in turn. If none of
them successfully authenticate, then authentication fails.
from piccolo_api.session_auth.middleware import SessionsAuthBackend
from piccolo_api.shared.auth.junction import AuthenticationBackendJunction
from piccolo_api.token_auth.middleware import (
TokenAuthBackend,
SecretTokenAuthProvider,
)
from starlette.middleware.authentication import AuthenticationMiddleware
app = AuthenticationMiddleware(
my_asgi_app,
backend=AuthenticationBackendJunction(
backends=[
SessionsAuthBackend(),
TokenAuthBackend(
SecretTokenAuthProvider(tokens=["abc123"])
)
],
)
)