gafaelfawr.auth.parse_authorization(context, *, only_bearer_token=False)

Find a token in the Authorization header.

Supports either Bearer or Basic authorization types (unless only_bearer_token is set). Rebinds the logging context to include the source of the token, if one is found.

  • context (RequestContext) – The context of the incoming request.

  • only_bearer_token (bool, default: False) – If set to True, only accept bearer tokens.


Token if one was found, otherwise None.

Return type:

str or None


InvalidRequestError – Raised if the Authorization header is malformed, if the type of authentication is unknown, or if only_bearer_token is True and the header used some other type of authentication.


A Basic Auth authentication string is normally a username and a password separated by colon and then base64-encoded. This method accepts a token in either the username or the password field.