I've setup DRF-YASG but am unable to figure out how tell it that is should use different authorizations for different routs. E.g.: My token endpoint(to POST,GET,DELETE api tokens) only accepts basic authentication but all the other views only work with token authentication.
I know i can define which Authentication methods are available in Swagge-ui
SWAGGER_SETTINGS = {
"DEFAULT_MODEL_RENDERING": "example",
'USE_SESSION_AUTH': False,
'SECURITY_DEFINITIONS': {
'Basic': {
'type' : 'basic',
'name' : 'Basic access authentication',
'in' : 'header',
},
'Bearer': {
'type' : 'apiKey',
'name' : 'Token Bearer authentikation',
'in' : 'header',
}
}
}
but there the client, browsing the Documentation, can still decide whether he wants to authorize with basic- or token-authentication. And if he doesnt know which works for which route it will probably fail.
Does anyone know a solution?
I have tried adding different authentication_classes
class AuthTokenEndpoint(GenericAPIView):
"""
This endpoint does all your token handling.
Here you can create, get or delete your token
"""
permission_classes = [DjangoModelPermissionsIncludingView,]
authentication_classes = [BasicAuthentication]
authentication_classes = [TokenAuthentication]
but nothing changed drf-yasg still does not restrict authentication methods for these views
