From 0a53bb01190d7d529e182b3d842d1f443b2ddb9b Mon Sep 17 00:00:00 2001
From: Roni Choudhury <roni.choudhury@kitware.com>
Date: Thu, 25 Jan 2024 20:06:28 -0500
Subject: [PATCH] Implement alternative WWW-Authenticate generation behaviors

---
 rest_framework/views.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/rest_framework/views.py b/rest_framework/views.py
index 4c30029fd..830557033 100644
--- a/rest_framework/views.py
+++ b/rest_framework/views.py
@@ -107,6 +107,7 @@ class APIView(View):
     renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES
     parser_classes = api_settings.DEFAULT_PARSER_CLASSES
     authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES
+    www_authenticate_behavior = api_settings.WWW_AUTHENTICATE_BEHAVIOR
     throttle_classes = api_settings.DEFAULT_THROTTLE_CLASSES
     permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES
     content_negotiation_class = api_settings.DEFAULT_CONTENT_NEGOTIATION_CLASS
@@ -186,8 +187,13 @@ class APIView(View):
         header to use for 401 responses, if any.
         """
         authenticators = self.get_authenticators()
+        www_authenticate_behavior = self.www_authenticate_behavior
         if authenticators:
-            return authenticators[0].authenticate_header(request)
+            if www_authenticate_behavior == 'first':
+                return authenticators[0].authenticate_header(request)
+            elif www_authenticate_behavior == 'all':
+                challenges = (a.authenticate_header(request) for a in authenticators)
+                return ', '.join((c for c in challenges if c is not None))
 
     def get_parser_context(self, http_request):
         """