If you have a comment on this topic, contact Aptify Documentation. If you want to return to the Aptify Community Site, please click here.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

Allow Anonymous Requirement 

Add this requirement at the end point security block to bypass the authentication requirement all end points implicitly have.  This requirement does not need any additional metadata.  

Allow Anonymous Metadata Example
{
  "endpoints": {
    "ExamplesGetSingleProduct": {
      "security": {
        "AllowAnonymous": {
          "type": "AllowAnonymous"
        }
      }
    }
    //remaining metadata omitted
  }
}
Why did we add this security block to the end point instead of a route segment or input entity field?

Remember, requirements are executed in collections at 3 different levels (endpoint, route, and input fields). In order for a collection to pass at least one requirement in the collection must succeed. The framework always adds the a requirement at the end point level that requires authentication. Also all collections must pass their requirements.  Lets assume we are an anonymous user attempting to call the end point.  

If we add no additional security metadata all end points will have security that looks like this:

Collection NameRequirementsResult
EndpointRequire AuthenticationFail
RouteNonePass
Input FieldsNonePass


The authentication requirement will fail, the end point grouping will fail, and therefore the request will not be allowed to execute.

If we added the security block to the route level we would have:

Collection NameRequirementsResult
EndpointRequire AuthenticationFail
RouteAllow AnonymousPass
Input FieldsNonePass

The route grouping would pass, but the end point grouping would still fail so the request would not be allowed to execute.  Remember, all collections must pass for the request to proceed.  

When we add the security block to the end point level we have:

Collection NameRequirementsResult
EndpointRequire Authentication, Allow AnonymousRequire Authentication fails but Allow Anonymous passes, so this entire collection passes.
RouteNonePass
Input FieldsNonePass

All collections pass.  This allows the request to proceed and we get the desired result.  

 

 

  • No labels