TG2, repoze.who and multiple auth sources
43 views
Skip to first unread message
Sergei Beilin
Jun 15, 2009, 2:41:07 PM6/15/09
to TurboGears
Hello!
I've managed to enable OpenID auth in my TG2 app (ough, that was
terrible, too few examples and docs on that topic!)
Now what I need is the ability to login both via OpenID and via 'build-
in' default SQLAlchemy backend. How do I manage this?
My app.cfg now looks like this:
<code>
base_config.use_sqlalchemy = True
base_config.model = pyramid.model
base_config.DBSession = pyramid.model.DBSession
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
from repoze.who.plugins.openid import OpenIdIdentificationPlugin
from repoze.who.plugins.openid.classifiers import
openid_challenge_decider
auth_tkt = AuthTktCookiePlugin('auth_tkt', 'auth_tkt')
openid_plugin = OpenIdIdentificationPlugin(store = 'mem',
openid_field = 'openid',
error_field = '',
store_file_path='',
session_name =
'beaker.session',
login_handler_path = '/
login_handler',
logout_handler_path = '/
logout_handler',
login_form_url = '/login',
logged_in_url = '/',
logged_out_url = '/',
came_from_field = 'came_from',
rememberer_name = 'auth_tkt')
base_config.sa_auth.authenticators =
[ ('repoze.whoplugins.openid.openid', openid_plugin) ]
base_config.sa_auth.challengers =
[ ('repoze.whoplugins.openid.openid', openid_plugin )]
base_config.sa_auth.challenge_decider = openid_challenge_decider
base_config.sa_auth.identifiers =
[ ('repoze.whoplugins.openid.openid', openid_plugin ),
('auth_tkt',auth_tkt)]
base_config.auth_backend = 'sqlalchemy'
base_config.sa_auth.dbsession = model.DBSession
base_config.sa_auth.user_class = model.User
base_config.sa_auth.group_class = model.Role
base_config.sa_auth.permission_class = model.Permission
base_config.sa_auth.translations.groups = 'roles'
base_config.sa_auth.translations.user_name = 'name'
base_config.sa_auth.translations.group_name = 'name'
base_config.sa_auth.translations.permission_name = 'name'
base_config.sa_auth.form_plugin = None
# base_config.sa_auth.form_identifies = True
base_config.sa_auth.post_login_url = '/post_login'
base_config.sa_auth.post_logout_url = '/post_logout'
</code>
Some code was left from the default SQLAlchemy-auth.
Thanks in advance!
--
Sergei
I've managed to enable OpenID auth in my TG2 app (ough, that was
terrible, too few examples and docs on that topic!)
Now what I need is the ability to login both via OpenID and via 'build-
in' default SQLAlchemy backend. How do I manage this?
My app.cfg now looks like this:
<code>
base_config.use_sqlalchemy = True
base_config.model = pyramid.model
base_config.DBSession = pyramid.model.DBSession
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
from repoze.who.plugins.openid import OpenIdIdentificationPlugin
from repoze.who.plugins.openid.classifiers import
openid_challenge_decider
auth_tkt = AuthTktCookiePlugin('auth_tkt', 'auth_tkt')
openid_plugin = OpenIdIdentificationPlugin(store = 'mem',
openid_field = 'openid',
error_field = '',
store_file_path='',
session_name =
'beaker.session',
login_handler_path = '/
login_handler',
logout_handler_path = '/
logout_handler',
login_form_url = '/login',
logged_in_url = '/',
logged_out_url = '/',
came_from_field = 'came_from',
rememberer_name = 'auth_tkt')
base_config.sa_auth.authenticators =
[ ('repoze.whoplugins.openid.openid', openid_plugin) ]
base_config.sa_auth.challengers =
[ ('repoze.whoplugins.openid.openid', openid_plugin )]
base_config.sa_auth.challenge_decider = openid_challenge_decider
base_config.sa_auth.identifiers =
[ ('repoze.whoplugins.openid.openid', openid_plugin ),
('auth_tkt',auth_tkt)]
base_config.auth_backend = 'sqlalchemy'
base_config.sa_auth.dbsession = model.DBSession
base_config.sa_auth.user_class = model.User
base_config.sa_auth.group_class = model.Role
base_config.sa_auth.permission_class = model.Permission
base_config.sa_auth.translations.groups = 'roles'
base_config.sa_auth.translations.user_name = 'name'
base_config.sa_auth.translations.group_name = 'name'
base_config.sa_auth.translations.permission_name = 'name'
base_config.sa_auth.form_plugin = None
# base_config.sa_auth.form_identifies = True
base_config.sa_auth.post_login_url = '/post_login'
base_config.sa_auth.post_logout_url = '/post_logout'
</code>
Some code was left from the default SQLAlchemy-auth.
Thanks in advance!
--
Sergei
Gustavo Narea
Jun 15, 2009, 2:58:39 PM6/15/09
to turbo...@googlegroups.com
Hi, Sergei.
You should use different login and logout URLs for the OpenID and the
FriendlyForm (the built-in one) plugins. Both plugins shouldn't be configured
to use the same URLs, otherwise only one of them will work.
Once you change that, all you'd need to do is to update the "action"
attributes of the login forms accordingly (e.g., the regular login form will
be submitted to /login_handler and the OpenID login form will be submitted to
/login_openid).
I think that would be it. Please let us know if you need further information.
Cheers.
- Gustavo.
> --
Gustavo Narea <xri://=Gustavo>.
| Tech blog: =Gustavo/(+blog)/tech ~ About me: =Gustavo/about |
You should use different login and logout URLs for the OpenID and the
FriendlyForm (the built-in one) plugins. Both plugins shouldn't be configured
to use the same URLs, otherwise only one of them will work.
Once you change that, all you'd need to do is to update the "action"
attributes of the login forms accordingly (e.g., the regular login form will
be submitted to /login_handler and the OpenID login form will be submitted to
/login_openid).
I think that would be it. Please let us know if you need further information.
Cheers.
- Gustavo.
Gustavo Narea <xri://=Gustavo>.
| Tech blog: =Gustavo/(+blog)/tech ~ About me: =Gustavo/about |
Sergei Beilin
Jun 15, 2009, 3:25:45 PM6/15/09
to TurboGears
Hi Gustavo!
> You should use different login and logout URLs for the OpenID and the
> FriendlyForm (the built-in one) plugins. Both plugins shouldn't be configured
> to use the same URLs, otherwise only one of them will work.
Hmm, had the same idea, too, I'll try this tomorrow.
BTW, how do I check both auth plugins utilize the same rememberer so
one does not login with different sources at the same time, and the
common logout_handler works for both? ;-)
Thanks!
--
Sergei
> You should use different login and logout URLs for the OpenID and the
> FriendlyForm (the built-in one) plugins. Both plugins shouldn't be configured
> to use the same URLs, otherwise only one of them will work.
BTW, how do I check both auth plugins utilize the same rememberer so
one does not login with different sources at the same time, and the
common logout_handler works for both? ;-)
Thanks!
--
Sergei
Gustavo Narea
Jun 15, 2009, 3:45:47 PM6/15/09
to turbo...@googlegroups.com
Hi again, Sergei!
Sergei said:
> BTW, how do I check both auth plugins utilize the same rememberer so
> one does not login with different sources at the same time, and the
> common logout_handler works for both? ;-)
Good point.
I've seen you're using a rememberer called "auth_tkt". To re-use the one used
by the built-in plugin, change it to "authtkt".
You may find this useful, to better understand the exact settings used in
repoze.who in TG2:
http://tinyurl.com/repozewhatquickstart-setup-sql
HTH,
Sergei Beilin
Jun 15, 2009, 11:15:32 PM6/15/09
to TurboGears
Hi Gustavo!
> I've seen you're using a rememberer called "auth_tkt". To re-use the one used
> by the built-in plugin, change it to "authtkt".
Hm, that was the key ;-)
It's only 15 minutes of my working day and both auth methods already
work ;-)
Lots of thanks!
> You may find this useful, to better understand the exact settings used in
> repoze.who in TG2:http://tinyurl.com/repozewhatquickstart-setup-sql
Thanks, that will be helpful!
--
Sergei
> I've seen you're using a rememberer called "auth_tkt". To re-use the one used
> by the built-in plugin, change it to "authtkt".
It's only 15 minutes of my working day and both auth methods already
work ;-)
Lots of thanks!
> You may find this useful, to better understand the exact settings used in
> repoze.who in TG2:http://tinyurl.com/repozewhatquickstart-setup-sql
--
Sergei
Gustavo Narea
Jun 16, 2009, 6:14:41 AM6/16/09
to turbo...@googlegroups.com
Hello, Sergei!
Cool, I'm glad to hear you got it working. And you're welcome! ;-)
Cheers.
- Gustavo.
Sergei said:
Cool, I'm glad to hear you got it working. And you're welcome! ;-)
Cheers.
- Gustavo.
Sergei said:
Jorge Vargas
Jun 21, 2009, 8:49:52 PM6/21/09
to turbo...@googlegroups.com
I'll love to see docs and/or a blog post on that.
Sergei Beilin
Jun 22, 2009, 2:16:44 AM6/22/09
to TurboGears
Hi Jorge!
> I'll love to see docs and/or a blog post on that.
Had too much work. I promise to provide an example this week ;)
And also a patch to repoze.who.openid to fetch SREG data.
--
Sergei
> I'll love to see docs and/or a blog post on that.
And also a patch to repoze.who.openid to fetch SREG data.
--
Sergei
Reply all
Reply to author
Forward
0 new messages