[Twisted-web] Porting the features of nevow.guard to twisted.web.guard

Glyph glyph at twistedmatrix.com
Wed Jan 4 20:40:45 EST 2012

On Jan 3, 2012, at 10:38 AM, L. Daniel Burr wrote:

> Hi Jean-Paul,
> On Tue, 03 Jan 2012 08:24:20 -0600, <exarkun at twistedmatrix.com> wrote:
>> On 27 May 2011, 06:47 pm, ldanielburr at gmail.com wrote:
>>> Hi gang,
>>> Per a short chat with exarkun (thanks exarkun), I'm posting this to the
>>> list for discussion.
>>> A project upon which I am working requires a twisted.web service that
>>> allows a user to delegate authentication/authorization to a third
>>> party,
>>> e.g., Facebook, Twitter, et cetera.  In so doing, I've found myself
>>> missing nevow.guard, since web.guard currently only has out-of-the-box
>>> support for HTTP Auth.  I'd like to see web.guard expand to cover more
>>> kinds of auth, such as form-based auth or the OAuth-based solutions
>>> coming
>>> from so many social graph sites.
>>> With this in mind, I asked exarkun about this, and he mentioned that
>>> the
>>> only thing he does not consider to be garbage in nevow.guard is the
>>> feature-set, and that I should port the features to web, discarding the
>>> baggage.
>>> I'd like to solicit the list for some guidance as to what those
>>> features
>>> are, or should be, and hopefully end up with a ticket describing the
>>> features to be implemented, which I will then attempt to implement and
>>> contribute to twisted.web.
>> Hiya Daniel,
>> This didn't generate as much discussion as I hoped. :)  However, I think
>> you went ahead and started a project - txsomethingsomething?  How is
>> that working out?
>> Jean-Paul
> There is a project, https://github.com/minskmaz/txWebAuth, to which I  
> contributed a tiny amount of code.  Neither the main author nor myself  
> have done much to progress the work, but there is a rudimentary design in  
> place at least.  The only major difference between txWebAuth and guard is  
> some widening of the ICredentialFactory interface, which is necessary to  
> allow for form-based and OAuth flows.

Thanks for the update, Daniel.

If that's really all there is to it, would this widening of ICredentialFactory be appropriate to just include in Twisted?  Would that help OAuth (and its ilk) move forward in the txEcosystem?


More information about the Twisted-web mailing list