The WWW-Authenticate header is not standardized for API Key authentication but the HTTP specification requires that an error of 401 "Unauthorized" must include a WWW-Authenticate header. Ref: https://datatracker.ietf.org/doc/html/rfc9110#name-401-unauthorized
(self)
| 29 | self.scheme_name = scheme_name or self.__class__.__name__ |
| 30 | |
| 31 | def make_not_authenticated_error(self) -> HTTPException: |
| 32 | """ |
| 33 | The WWW-Authenticate header is not standardized for API Key authentication but |
| 34 | the HTTP specification requires that an error of 401 "Unauthorized" must |
| 35 | include a WWW-Authenticate header. |
| 36 | |
| 37 | Ref: https://datatracker.ietf.org/doc/html/rfc9110#name-401-unauthorized |
| 38 | |
| 39 | For this, this method sends a custom challenge `APIKey`. |
| 40 | """ |
| 41 | return HTTPException( |
| 42 | status_code=HTTP_401_UNAUTHORIZED, |
| 43 | detail="Not authenticated", |
| 44 | headers={"WWW-Authenticate": "APIKey"}, |
| 45 | ) |
| 46 | |
| 47 | def check_api_key(self, api_key: str | None) -> str | None: |
| 48 | if not api_key: |
no test coverage detected