parse_authorization¶

gafaelfawr.auth.parse_authorization(context, *, only_bearer_token=False)¶

Find a token in the Authorization header.

Supports either Bearer or Basic authorization types (unless only_bearer_token is set). Rebinds the logging context to include the source of the token, if one is found.

Parameters:

context (RequestContext) – The context of the incoming request.
only_bearer_token (bool, default: False) – If set to True, only accept bearer tokens.

Returns:

Token if one was found, otherwise None.

Return type:

str or None

Raises:

InvalidRequestError – Raised if the Authorization header is malformed, if the type of authentication is unknown, or if only_bearer_token is True and the header used some other type of authentication.

Notes

A Basic Auth authentication string is normally a username and a password separated by colon and then base64-encoded. This method accepts a token in either the username or the password field.