FAQ | This is a LIVE service | Changelog

Set request user as well as auth information

Description

Set request.user as well as request.auth when authenticating a user.

Further details

In development the DRF shows the current authenticated user in the top-right. This is a convenient feature which doesn't happen when we're using API Gateway authentication. This is because the request.user attribute is kept None.

We do not need to auto-create a user in the database; we don't actually ever use the user in practice, but it would be nice to see it in request logs, etc.

Task list

  • Create a class derived from django.contrib.auth.models.AnonymousUser which is a non-anonymous user who has only an id. The AnonymousUser base class is suitable in other respects since it raises exceptions if one tries to use it as a Database user. The class can simply return the principal identifier as the .id attribute.
  • Update the authentication function to return an instance of this derived class.