def is_authorized(*, strict=False):
"""
Runs all configured auth challenges in order.
Returns True only if all required (or all, if strict=True) challenges succeed.
- If strict=True: ALL challenges (required/optional) must succeed.
- If strict=False: only required challenges must succeed; optional failures logged.
"""
if not _challenges:
return True # No challenge configured: allow all
for challenge in _challenges:
if not challenge.check(strict=strict):
return False
return True