Ctrl+K

Security schemes#

OpenAPI authentication or security schemes can be specified indicating to users how they should authenticate. To do so a security requirement and security scheme should be defined as extension arguments. For example for a security tagged app_id that comprises of an API key passed as a querry arg called appID:

from quart_schema import QuartSchema

QuartSchema(
    app,
    security=[{"app_id": []}],
    security_schemes={
        "app_id": {"type": "apiKey", "name": "appID", "in": "query"}
    },
)

This will then apply to all routes unless overridden. For example to remove security from a route:

from quart_schema import security_scheme

@app.get("/")
@security_scheme([])
async def route():
    ...

Warning

Security schemes are for documentation only, they do no authentication and should not be relied on for security.

Show Source