The OAuth 2 specification doesn't define the challenge that should be used, because a `Bearer` token is not really the only option to authenticate. But declaring any other authentication challenge would be application-specific as it's not defined in the specification.
```python
        self.auto_error = auto_error

    def make_not_authenticated_error(self) -> HTTPException:
        """
        The OAuth 2 specification doesn't define the challenge that should be used,
        because a `Bearer` token is not really the only option to authenticate.

        But declaring any other authentication challenge would be application-specific
        as it's not defined in the specification.

        For practical reasons, this method uses the `Bearer` challenge by default, as
        it's probably the most common one.

        If you are implementing an OAuth2 authentication scheme other than the provided
        ones in FastAPI (based on bearer tokens), you might want to override this.

        Ref: https://datatracker.ietf.org/doc/html/rfc6749
        """
        return HTTPException(
            status_code=HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"},
        )

    async def __call__(self, request: Request) -> str | None:
        authorization = request.headers.get("Authorization")
```