bird-house · mishaschwartz · May 22, 2026 · fmigneault · May 22, 2026 · fmigneault
diff --git a/twitcher/adapter/base.py b/twitcher/adapter/base.py
@@ -75,6 +75,17 @@ def response_hook(self, response: Response, service: ServiceConfig) -> Response:
         """
         raise NotImplementedError
 
+    def verify_hook(self, request: Request, service: ServiceConfig) -> bool:
+        """
+        Apply additional logic used to verify whether a request should be rejected.
+
+        .. versionadded:: 0.11.2
+
+        Return False to indicate that the verify endpoint should return a "forbidden"
+        response regardless of whether the request is verified.
+        """
+        raise NotImplementedError
+
     def send_request(self, request: Request, service: ServiceConfig) -> Response:
         """
         Performs the provided request in order to obtain a proxied response.

diff --git a/twitcher/adapter/default.py b/twitcher/adapter/default.py
@@ -48,5 +48,8 @@ def request_hook(self, request, service):
     def response_hook(self, response, service):
         return response
 
+    def verify_hook(self, request, service):
+        return True
+
     def send_request(self, request: Request, service: ServiceConfig) -> Response:
         return send_request(request, service)
diff --git a/twitcher/owsproxy.py b/twitcher/owsproxy.py
@@ -190,7 +190,9 @@ def owsverify_view(request: Request) -> Response:
     try:
         service_name = request.matchdict.get('service_name')
         service = request.owsregistry.get_service_by_name(service_name)
-        if service and request.is_verified:
+        adapter = request.adapter
+        hook_success = adapter.verify_hook(request, service)
+        if service and hook_success and request.is_verified:
             message, status, access = "allowed", 200, True
     except Exception as exc:
         LOGGER.exception("Security check failed due to unhandled error.", exc_info=exc)