Authentication in hug

Hug supports a number of authentication methods which handle the HTTP headers for you and let you very simply link them with your own authentication logic.

To use hug's authentication, when defining an interface, you add a requires keyword argument to your @get (or other HTTP verb) decorator. The argument to requires is a function, which returns either False, if the authentication fails, or a Python object which represents the user. The function is wrapped by a wrapper from the hug.authentication.* module which handles the HTTP header fields.

That Python object can be anything. In very simple cases it could be a string containing the user's username. If your application is using a database with an ORM such as peewee, then this object can be more complex and map to a row in a database table.

To access the user object, you need to use the hug.directives.user directive in your declaration.

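    import hug
    @hug.get(requires=authenticator)  # placeholder: your wrapped function, e.g. hug.authentication.basic(verify)
    def handler(user: hug.directives.user):
        return "Hello {}".format(user)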

This directive supplies the user object. Hug will have already handled the authentication, and rejected any requests with bad credentials with a 401 code, so you can just assume that the user is valid in your logic.

| Type of Authentication | Hug Authenticator Wrapper | Header Name | Header Content | Arguments to wrapped verification function |
|---|---|---|---|---|
| Basic Authentication | hug.authentication.basic | Authorization | "Basic XXXX" where XXXX is username:password encoded in Base64 | username, password |
| Token Authentication | hug.authentication.token | Authorization | the token as a string | token |
| API Key Authentication | hug.authentication.api_key | X-Api-Key | the API key as a string | api-key |
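
The following is an added example, not part of hug's documentation or code: two verification functions with the argument lists from the table, returning the user object or False, plus a hypothetical stand-in (check_basic_header) for the wrapper's "Basic XXXX" decoding so the block runs without hug installed. The user store, key value and all function names are constructed for illustration; with hug you would pass verify_basic to hug.authentication.basic and verify_api_key to hug.authentication.api_key.

```python
import base64
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Constructed sample data (not real credentials): salted hashes, never plaintext.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("s3cret:with-colon", _SALT))}
API_KEYS = {"constructed-api-key-123": "alice"}  # API key -> username

def verify_basic(username, password):
    """Receives (username, password), as the table lists for Basic authentication."""
    salt, stored = USERS.get(username, (_SALT, b""))
    candidate = _hash(password, salt)  # hash even for unknown users
    # Constant-time comparison; return the user object or False.
    return username if hmac.compare_digest(candidate, stored) else False

def verify_api_key(api_key):
    """Receives the X-Api-Key header value as a string."""
    user = False
    for known, owner in API_KEYS.items():
        if hmac.compare_digest(known.encode("utf-8"), api_key.encode("utf-8")):
            user = owner
    return user

def check_basic_header(header_value, verify=verify_basic):
    """Hypothetical stand-in for the wrapper: decode 'Basic XXXX', then call verify."""
    try:
        scheme, encoded = header_value.split(None, 1)
        if scheme.lower() != "basic":
            return False
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
        username, password = decoded.split(":", 1)  # passwords may contain ':'
    except (AttributeError, ValueError):  # missing, malformed or non-Base64 header
        return False
    return verify(username, password)

def basic_header(username, password):
    """Build the header value a client would send (used by the demo below)."""
    raw = "{}:{}".format(username, password).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

if __name__ == "__main__":
    print(check_basic_header(basic_header("alice", "s3cret:with-colon")))
    print(check_basic_header(basic_header("alice", "wrong")))
    print(verify_api_key("constructed-api-key-123"))
```

Splitting on the first colon only keeps passwords that contain ":" intact, and hashing for unknown usernames keeps the response time from revealing which accounts exist.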