[Twisted-Python] Authentication & Access Control system for web services

Jason J. W. Williams jasonjwwilliams at gmail.com
Thu Mar 10 17:47:21 EST 2011 

I believe this implements OAuth 2 for Twisted using Twisted Cred:

https://github.com/simplegeo/txoauth

-J

On Thu, Mar 10, 2011 at 2:16 PM, George Pauly
<george at ringdevelopment.com> wrote:
> Allen,
>
> In my very limited experience with Twisted,
>
> On Thu, 2011-03-10 at 14:01 -0600, Allen Bierbaum wrote:
>> I have been looking into this further and decided on an API that works
>> as follows:
>>
>> - Use HTTPS for all requests
>> - POST to /session to create a new session token
>>   - pass in username and password as parameters
>>   - returns token string to be used for all further communication
>
> In the non-https case, roll a salt and other items (ip address, user
> agent, etc) into a secondary session key on the server.
>
>> - All further requests must have the token string which is used to
>> lookup the user/session
>>   - on the server, the token will map to a user object to give me
>> information about their access rights, etc.
>>
>
> that's all I've ever needed: use the session key (token) to access an
> object array - the accessed object has all the twisty magic.
>
>> Now the question is how does this fit into twisted's view of the
>> world.  The twisted web in 60 seconds tutorials [1] seem focused on
>> using HTTP Auth for credential checking and a internal cookie
>> (TWISTED_SESSION) for session management.  Is there an easy way to
>> adapt these to my needs or do I need to roll my own code for this type
>> of twisted.web usage?
>
> Now you've gone back to credentials - this is outside of my experience
> with Twisted.  Sessions are simple enough with Python alone in a twisted
> app.  I'll need to use credentials soon so I hope you get an answer.
>
> Anybody using OpenID or webID instead of login/password?  Could be
> better...
>
>>
>> -Allen
>>
>
> George
> --
> George Pauly
> Ring Development
> www.ringdevelopment.com
>
>
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>

More information about the Twisted-Python mailing list