I upgraded a medium sized (~1.5k LOC) app to 0.4 yesterday (roughly a couple hours of work) and ended up introducing my own auth component to replace the old Auth stuff.
I have an authentication component that generates an
Account object from request data inside
resolve() and I have an
AuthenticationHooks class that hooks into
on_request and blocks unauthenticated requests, very much like the example in the docs.
def __init__(self, handler_whitelist=None) -> None:
self.handler_whitelist = set(handler_whitelist or )
def on_request(self, route: Route, account: Account = None) -> None:
if getattr(route.handler, "no_auth", False) or route.handler in self.handler_whitelist:
if not account:
"message": "invalid api key",
from apistar.server.handlers import serve_schema
event_hooks = [
One thing I ended up missing was the old
Environment object so I rolled my own: https://github.com/Bogdanp/apistar_settings