is it possible to return different versions of views based on authenticated or not about flask-httpauth HOT 5 CLOSED

This is currently not possible, but you are not the first to request this. The problem is that the current version of the extension will directly return a 401 error when the request does not include the authorization header. The change that I was planning to make was to allow the password validation password to be called even when the header is missing. You can then return True from the password validation callback and set something in flask.g to indicate to the route that there is no user authenticated.

from flask-httpauth.

But still, it seems that your solution right now still requires an auth header in the request, or it would abort 401 anyway.

from flask-httpauth.

Correct, this requires a change that I was considering for the future, it
is not possible right now. I'll try to look into it tomorrow.
On Feb 4, 2015 11:25 PM, "fyears" [email protected] wrote:

But still, it seems that your solution right now still requires an auth
header in the request, or it would abort 401 anyway.

—
Reply to this email directly or view it on GitHub
#17 (comment)
.

from flask-httpauth.

Addressed in version 2.4.0. In this version for requests that don't have an Authorization header the extension calls the verify_password() callback with username and password set to empty strings. You can opt to return True and that will let the request through. You can write something to flask.g so that the route know the user is anonymous.

from flask-httpauth.

Thank you.

Just a reference, this issue is solved in commit 5c5396b .

from flask-httpauth.