Pyramid authentication and rest api


tonthon

May 15, 2013, 11:16:53 AM
to pylons-...@googlegroups.com
Hi,

one of our web applications based on pyramid is actually handling
authentication through the SessionAuthenticationPolicy.

We've built a rest API that's reached by ajax calls.

We'd like to use the same one from a kivy based application.

Any idea how we could cleanly implement the authentication part ?

Cheers,

Gaston TJEBBES

Jonathan Vanasco

May 16, 2013, 12:27:51 PM
to pylons-...@googlegroups.com
Gaston,

Could you explain this a bit more? Some of your intent isn't clear. I'm guessing you're not a native English speaker? I'm not sure what certain lines are referencing.

> We've built a rest API that's reached by ajax calls. 
Is that in Pyramid or Kivy ?

> We'd like to use the same one from a kivy based application ?
You'd like to use the same "what" from kivy ?

> Any idea how we could cleanly implement the authentication part ? 
What are you trying to implement the authentication on?

Mariano Mara

May 16, 2013, 12:56:55 PM
to pylons-...@googlegroups.com
I believe he's accessing his REST API with an authenticated user (via
SessionAuthenticationPolicy). So he's able to do restful calls from
within the app and the information needed to validate the user is
contained in the cookie the policy is able to parse and understand in
each ajax call.

However, if he wants to access the same API from another app (kivy in
this case), he's losing the session authentication provided by pyramid
and needs ideas to implement something that permits authentication.

I could suggest some ideas but I am afraid there is no easy way to do it
(at least that I know) and this gets worse if you want to do
cross-domain calls.



tonthon

May 16, 2013, 2:56:23 PM
to pylons-...@googlegroups.com
On 16/05/2013 18:27, Jonathan Vanasco wrote:
> Gaston,
>
> Could you explain this a bit more? Some of your intent isn't clear.
> I'm guessing you're not a native English speaker? I'm not sure
> what certain lines are referencing.

You're right, I'm not a native English speaker :).

>
> > We've built a rest API that's reached by ajax calls.
> Is that in Pyramid or Kivy ?

Our web app, that's authenticated thanks to the
SessionAuthenticationPolicy, makes ajax calls to our rest API (to
get/add/edit/delete elements).
Those calls are consequently authenticated through the same Policy.

>
> > We'd like to use the same one from a kivy based application ?
> You'd like to use the same "what" from kivy ?

We'd like to use the same rest API from our kivy application.

>
> > Any idea how we could cleanly implement the authentication part ?
> What are you trying to implement the authentication on?

We'd like to authenticate calls coming from the kivy application
(through an api key for example).


Jonathan Vanasco

May 16, 2013, 3:12:27 PM
to pylons-...@googlegroups.com
General ideas....

1. If you can use a browser window, you may be able to use Porthole.js ( http://ternarylabs.github.io/porthole/ ). That would let you authenticate into the web system, and then proxy requests / responses through the authenticated window.

2. I foresaw something like this in my app, and architected something different. I tried to set as much logic outside of the pyramid view, and just used that to wrap the api call. We actually try to use these internal apis as much as possible within our own code to consolidate the logic.

    /lib/api/internal.py

         def api_method( request , data_a , data_b , data_c ):
               pass


    /views/api_internal.py

         from ..lib.api import internal as internal_api

         @whatever()
         @view_config(etc)
         def api_method(request):
               result = internal_api.api_method()
               return result


3. You might be able to have a different endpoint that uses a different authentication method, and then either:
       a- calls the function mapped to the original endpoint
       b- creates a new request and dispatches it to that original endpoint.





   

Laurence Rowe

May 19, 2013, 6:10:09 PM
to pylons-...@googlegroups.com
I'm using pyramid_multiauth to have both persona / auth ticket for browser based authentication and basic auth for command line script authentication. This seems to work ok so far.

Laurence

Jens W. Klein

May 22, 2013, 7:53:07 AM
to pylons-...@googlegroups.com
I use pyramid_multiauth and my own oauth2 authentication policy. This
works fine.

Jens
--
Klein & Partner KG, member of BlueDynamics Alliance
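
The approach from the last two replies (a second policy for non-browser clients, stacked next to the session one with pyramid_multiauth), sketched as an added example that is not code from the thread or from any project mentioned in it. It is a duck-typed Pyramid authentication policy that resolves an API key to a userid; the `X-Api-Key` header name, the digest table and `fake_request` are assumptions of this example, and only the standard library is used so it runs without Pyramid installed.

```python
import hashlib
import hmac
from types import SimpleNamespace

EVERYONE = "system.Everyone"            # value of pyramid.security.Everyone
AUTHENTICATED = "system.Authenticated"  # value of pyramid.security.Authenticated

def key_digest(api_key):
    """Digest stored server-side, so a leaked table does not reveal usable keys."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


class ApiKeyAuthenticationPolicy:
    """API-key policy for non-browser clients (header name is an assumption)."""

    def __init__(self, digest_to_userid, header="X-Api-Key"):
        self.digest_to_userid = dict(digest_to_userid)
        self.header = header

    def unauthenticated_userid(self, request):
        presented = request.headers.get(self.header)
        if not presented:
            return None  # no key sent: let the next policy (session) decide
        digest = key_digest(presented)
        match = None
        # Scan every entry without early exit; each comparison is constant time.
        for stored, userid in self.digest_to_userid.items():
            if hmac.compare_digest(stored, digest):
                match = userid
        return match

    authenticated_userid = unauthenticated_userid

    def effective_principals(self, request):
        userid = self.authenticated_userid(request)
        if userid is None:
            return [EVERYONE]
        return [EVERYONE, AUTHENTICATED, userid]

    def remember(self, request, userid, **kw):
        return []  # nothing to set: the client resends its key on every call

    def forget(self, request):
        return []


def fake_request(headers):
    """Constructed stand-in for a Pyramid request, used only to exercise the policy."""
    return SimpleNamespace(headers=headers)
```

In an application, an instance of this class would be passed together with `SessionAuthenticationPolicy()` in the list given to pyramid_multiauth's `MultiAuthenticationPolicy`, so browser sessions and key-bearing clients reach the same views. The key is sent on every request, so the API should only be exposed over HTTPS.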
