Authentication Middleware
The authentication middleware is a simple Django middleware that relies entirely on the list of sub middlewares provided by the configuration. Each sub middleware contains an engine, a field in the request and a header. They work in the following way:
The header is a tuple representing the header name (like "Authorization") and the expected prefix inside the header (like "Bearer"). If the prefix is empty, then only the token should be in the header value; otherwise we expect the header value to contain the prefix, a space and the token value. If the header isn't present, then the sub middleware is skipped.
Once we have extracted the token, it is decoded and verified through the authentication engine.
If anything has failed in this step, then an error (likely 403) will be raised.
Otherwise, we set the field in the request to be the decoded value.
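The steps above can be sketched in plain Python. This is an added example, not the project's own code: `SubMiddleware`, `extract_token`, `authenticate`, `AuthError` and `demo_engine` are hypothetical names, a plain mapping stands in for Django's `request.headers`, and the case-sensitive prefix match and the rejection of tokens containing spaces are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Mapping, Optional

class AuthError(Exception):
    """Stands in for the error (likely 403) the page mentions."""

@dataclass
class SubMiddleware:  # hypothetical name, not the project's class
    engine: Callable[[str], object]  # decodes and verifies a token, raises on failure
    field: str                       # request attribute that receives the decoded value
    header: tuple                    # (header name, expected prefix)

def extract_token(headers: Mapping[str, str], header: tuple) -> Optional[str]:
    name, prefix = header
    value = headers.get(name)
    if value is None:
        return None  # header absent: this sub middleware is skipped
    if prefix:
        # Require exactly "<prefix> <token>" (assumed case-sensitive match).
        head, sep, token = value.partition(" ")
        if head != prefix or not sep:
            raise AuthError(f"unexpected prefix in {name} header")
    else:
        token = value  # empty prefix: the header value is the token itself
    if not token or " " in token:  # assumption: tokens never contain spaces
        raise AuthError(f"malformed token in {name} header")
    return token

def authenticate(request, sub_middlewares):
    for sub in sub_middlewares:
        token = extract_token(request.headers, sub.header)
        if token is None:
            continue
        try:
            decoded = sub.engine(token)
        except Exception as exc:  # any engine failure becomes an auth error
            raise AuthError("token rejected") from exc
        setattr(request, sub.field, decoded)
    return request

def demo_engine(token):  # constructed stand-in for a real authentication engine
    if token != "good-token":
        raise ValueError("bad token")
    return {"sub": "alice"}

SUBS = [SubMiddleware(demo_engine, "user_token", ("Authorization", "Bearer")),
        SubMiddleware(demo_engine, "service_token", ("X-Service-Token", ""))]
```

Because an absent header only skips a sub middleware, a request carrying none of the configured headers passes through with no field set, so views must check that the field exists before trusting it.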