TG2.2 Auth question (classifier, TGAuthMetaData, setup_auth)

[ozwyzard]

Hi,

I have a repoze.who classifier that classifies incoming requests into either 'api' or 'browser'.  I am registering the basic auth plugin for the 'api' requests.  When setup_auth() gets called the **who_args includes an entry for 'identifiers': [('api', <myBasicAuthPlugin>)], so setup_auth skips the creation of AuthTktPlugin

FOR EXAMPLE, if line 241 of tg/configuration/auth.py, instead of being:
    if 'identifiers' not in who_args:
        # setup authtkt plugin, and insert identifiers and authenticators to who_args
were to be:
    if :'identifiers' not in who_args:
        # setup authtkt plugin, append identifier, insert authenticator to who_args
    elif 'browser' not in map(lambda t:t[0], who_args['identifiers']) :
        # setup authtkt plugin, but insert identifier, insert authenticator to who_args
    else:
        pass

then the default auth method would get applied to 'browser' (if it is not present in the identifiers).

Granted the above is probably not a good idea, how should I go about to get the default (TG2.2, repoze v2) treatment for browser requests, but different treatment for 'api' requests?

Should I construct the AuthTkt plugin instance (just like setup_auth() does) and send it in as part of who_args (e.g. by configuring it in base_config.sa_auth.identifiers & challengers)?

Thanks!