[Twisted-Python] Authentication & Access Control system for web services
Jason J. W. Williams
jasonjwwilliams at gmail.com
Thu Mar 10 17:47:21 EST 2011
I believe this implements OAuth 2 for Twisted using Twisted Cred:
On Thu, Mar 10, 2011 at 2:16 PM, George Pauly
<george at ringdevelopment.com> wrote:
> In my very limited experience with Twisted,
> On Thu, 2011-03-10 at 14:01 -0600, Allen Bierbaum wrote:
>> I have been looking into this further and decided on an API that works
>> as follows:
>> - Use HTTPS for all requests
>> - POST to /session to create a new session token
>> - pass in username and password as parameters
>> - returns token string to be used for all further communication
> In the non-https case, roll a salt and other items (ip address, user
> agent, etc) into a secondary session key on the server.
>> - All further requests must have the token string which is used to
>> lookup the user/session
>> - on the server, the token will map to a user object to give me
>> information about their access rights, etc.
> that's all I've ever needed: use the session key (token) to access an
> object array - the accessed object has all the twisty magic.
>> Now the question is how does this fit into twisted's view of the
>> world. The twisted web in 60 seconds tutorials seem focused on
>> using HTTP Auth for credential checking and an internal cookie
>> (TWISTED_SESSION) for session management. Is there an easy way to
>> adapt these to my needs or do I need to roll my own code for this type
>> of twisted.web usage?
> Now you've gone back to credentials - this is outside of my experience
> with Twisted. Sessions are simple enough with Python alone in a twisted
> app. I'll need to use credentials soon so I hope you get an answer.
> Anybody using OpenID or webID instead of login/password? Could be
> George Pauly
> Ring Development
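The token scheme discussed in the thread, as an added example that is not code from any poster or from Twisted: a server-side store that issues a token once the login check on POST /session has succeeded, maps it to a user object, and ties it to a salted secondary key over the client IP and user agent. The `SessionStore` class, its method names and the 15-minute lifetime are assumptions made for illustration; it uses only the Python standard library and would be called from whatever request handler the application uses.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """In-memory token -> user map with a client-bound secondary key."""

    def __init__(self, ttl=900, clock=time.monotonic):
        self._salt = secrets.token_bytes(32)  # per-process server secret
        self._ttl = ttl                       # session lifetime in seconds (assumed)
        self._clock = clock
        self._sessions = {}                   # sha256(token) -> (user, binding, expires)

    def _binding(self, token, ip, user_agent):
        # Secondary key: HMAC over the token and client attributes, keyed by the salt.
        msg = "\x00".join((token, ip, user_agent)).encode()
        return hmac.new(self._salt, msg, hashlib.sha256).digest()

    @staticmethod
    def _key(token):
        # Index by digest so a dump of the table does not reveal live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user, ip, user_agent):
        """Issue a token; call only after the username/password check passes."""
        token = secrets.token_urlsafe(32)
        expires = self._clock() + self._ttl
        binding = self._binding(token, ip, user_agent)
        self._sessions[self._key(token)] = (user, binding, expires)
        return token

    def lookup(self, token, ip, user_agent):
        """Return the user object for a valid token, else None."""
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        user, binding, expires = entry
        if self._clock() >= expires:
            self.destroy(token)               # expired sessions are dropped
            return None
        # Constant-time comparison; a token replayed from another client fails here.
        if not hmac.compare_digest(binding, self._binding(token, ip, user_agent)):
            return None
        return user

    def destroy(self, token):
        self._sessions.pop(self._key(token), None)
```

Binding to the IP address rejects legitimate clients whose address changes mid-session, so a deployment may bind to the user agent alone or re-prompt for login on mismatch.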