[Twisted-Python] Light-est-weight http authentication

exarkun at twistedmatrix.com exarkun at twistedmatrix.com
Mon Feb 8 16:02:26 EST 2010

On 08:19 pm, brad.milne at devx.runthered.com wrote:
>Just in terms of configuration. It seems that Guard, for example, is
>designed to cache the credentials and maintain a session. My 
>requirement is
>just for a single request, so session maintenance seems like overhead.

Ah, I see.  Past versions of Guard were much more into that whole thing 
than what you'll currently find at twisted.web.guard.  There is no 
caching and no implication of a session.
>Also in upskill time. The Twisted NPE book, for example, says "It might 
>you a little while to understand all the classes and interfaces in
>twisted.cred, and at first you might wonder why it's necessary to have 
>system with so many moving parts. The answer is that this system is 
>to be extremely flexible." (pg 92)
>That sounds like a great toolset, but the cost is to those that require 
>minimalist solution, but still need to develop an understanding of the
>greater picture to achieve that.

Argh.  I don't know what the point is of saying something is complicated 
in the explanation of the thing.  Either the explanation will seem 
complicated to the reader or it won't.  All you can hope to accomplish 
by announcing it in advance is to scare off people who would have other 
been able to understand what was going on.
>Finding Twisted documentation seems to be generally difficult, so if I 
>find the 'lightest' (extra code) and 'lightest' (ramp-up time) 
>that what I was hoping for a pointer towards.

It's definitely true that there isn't a lot of documentation for Guard. 
I've written up something, though (which hopefully will soon be included 
in Twisted itself, to make it easier to find), which I think will get 
you up to speed on using Guard pretty quickly:


The final example, which sets up an actual Twisted Web server protected 
by digest auth (basic is even easier), only takes 16 lines.

If that's still not to your liking, then you can always fall back to the 
much more tedious, much less elegant, request.getUsername() and 
request.getPassword() approach. :)  You'll have to rely on the API docs 
for that approach, though, as far as I know there are no prose-style 
introductions for it.
>PS - did you mean µs?? Or have you really measured the power 
>consumption in

A fairly accurate conversion between µs and µW is pretty 
straightforward, given a few things about your hardware...  :)


More information about the Twisted-Python mailing list