We have a project that has class views in blueprints. It seems that the on_authentication_failure handler of the blueprint is taking precedence over one specified for the class decorator.

In principle, the most granular-level handler should be the one that fires first.

I'm rethinking this. Conceptually, blueprints are sets of endpoints. As such, any auth handling done at the blueprint level should apply to any endpoint in the set. If it doesn't, the endpoint doesn't belong in the set. If something more custom needs to be done, the endpoint should be placed in a separate, more permissive blueprint, which could certainly have the same URL prefix.

This is how flask works, as well - blueprint handling happens before a class or route is even checked.

Closing this issue; I do not intend to make any changes in precedence behavior.