From a151865d0a74bc70d5cffe9112d7a5dc76a707d0 Mon Sep 17 00:00:00 2001 From: Mohsen Date: Mon, 11 Nov 2024 13:36:05 +0330 Subject: [PATCH] Enhance Documentation for authenticate Middleware Function (#9898) Clarified usage of allowUnauthenticated and allowUnregistered options, explaining their roles in controlling access for unauthenticated and unregistered users. --- .../advanced-development/api-routes/protected-routes/page.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/www/apps/book/app/learn/advanced-development/api-routes/protected-routes/page.mdx b/www/apps/book/app/learn/advanced-development/api-routes/protected-routes/page.mdx index d3c27188e6..920cb66a4e 100644 --- a/www/apps/book/app/learn/advanced-development/api-routes/protected-routes/page.mdx +++ b/www/apps/book/app/learn/advanced-development/api-routes/protected-routes/page.mdx @@ -69,8 +69,9 @@ The `authenticate` middleware function accepts three parameters: 1. The type of user authenticating. Use `user` for authenticating admin users, and `customer` for authenticating customers. You can also pass `*` to allow all types of users. 2. An array of types of authentication methods allowed. Both `user` and `customer` scopes support `session` and `bearer`. The `admin` scope also supports the `api-key` authentication method. -3. An optional object of configurations accepting the following property: +3. An optional object of configurations accepting the following properties: - `allowUnauthenticated`: (default: `false`) A boolean indicating whether authentication is required. For example, you may have an API route where you want to access the logged-in customer if available, but guest customers can still access it too. + - `allowUnregistered` (default: `false`): A boolean indicating if unregistered users should be allowed access. This is useful when you want to allow users who aren’t registered to access certain routes. ---