Django - Disable authenticator for specific urls in urls.py?

Question

So I have a Django app with Swagger, but I also added a custom authenticator to every endpoint automatically with

settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'cheers.utils.authenticator.CognitoAuthentication',
    ),
}

urls.py

schema_view = get_schema_view(
    openapi.Info(
        title="Resource API",
        default_version="v1",
        description="A sample API for resource with DRF",
        terms_of_service="https://www.google.com/policies/terms/",
        contact=openapi.Contact(email="cheersocialinc@gmail.com"),
        license=openapi.License(name="BSD License"),
    ),
    public=True,
    permission_classes=(
        permissions.AllowAny,),  # Anyone have access to API documentation
)

if settings.DEBUG:
    urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
    urlpatterns += ADMIN_URLS
    urlpatterns += SWAGGER_URLS

How do I turn this off for swagger and admin url? The reason I'm not sure is because Swagger and admin is added to URLs it's not a view

urls.py

How do I disable automatic authentication for swagger?
Also I guess a side question would be how to disable this URL when debug is False

score 0 · Answer 1 · answered Oct 13 '21 at 10:21

To disable authentication | permission on swagger urls, set permission_classes in get_schema_view like this :

urls.py

from django.urls import path
from rest_framework import permissions
from rest_framework.schemas import get_schema_view
from django.conf import settings

schema_view = get_schema_view(
    openapi.Info(
        title="Resource API",
        default_version="v1",
        description="A sample API for resource with DRF",
        terms_of_service="https://www.google.com/policies/terms/",
        contact=openapi.Contact(email="your_email@yopmail.com"),
        license=openapi.License(name="BSD License"),
    ),
    public=True,
    permission_classes=(
    permissions.AllowAny, ),  # Anyone have access to API documentation
)

if settings.DEBUG == False
    # urlpatterns
    urlpatterns = [
        # Production urls only
    ]
else:
    urlpatterns = [
        # Production urls + swagger doc urls
        path(
        'doc/',
        schema_view.with_ui('swagger', cache_timeout=0),
        name='schema-swagger-ui'),
    ]

For Django admin without authentication follow this post.

hmmm I already have the `schema_view` setup you put down, but it still seems to be denying — , Oct 14 '21 at 00:54

Django - Disable authenticator for specific urls in urls.py?

1 Answers1