Pyramid application as authentication and data provider


tonthon

Mar 14, 2017, 6:28:47 AM
to pylons-discuss
Hi,

We've got a Pyramid application providing many company management tools
(CRM, invoice management, calendar ...).

We'd like to develop an API to allow the other company web tools
(WordPress website, Node.js-based apps ...) to:

- Authenticate against our Pyramid app;

- Access data (read/write) through a REST API.

So far we thought we'll use OAuth2 (making our app both a Resource
Server and an Authorization Server).


Does anybody have some feedback to share with us?


Regards

Gaston Tjebbes

http://www.majerti.fr

Jonathan Vanasco

Mar 14, 2017, 9:01:05 PM
to pylons-discuss
We do the same thing.

A few notes:

* I run the authorization API as a standalone app/service, and also run the read/write APIs as a third service. Our services have hit the API with their endpoint in their path (i.e. /api/v1/app1 /api/v1/app2) so they can be partitioned out later if needed and scaled independently. This may seem like a minor detail, but it avoids bottlenecks and lets you fine-tune the service allocations on your hardware. IIRC, our auth-only server runs under 70MB but our "all-in" app servers run north of 200MB.

* I modeled a very low-level OAuth integration against flask-oauth. It's a standalone package that I can share or open-source if you'd like.

* oauthlib has a bit of a problem that may or may not affect you -- it requires a spec-compliant OAuth server, which you can build but you can't rely on to consume. In the wild, most OAuth servers are not fully spec compliant (Twitter, for example, has some endpoints that will send data in both headers and content). It's a bit of a hassle to get around, but you can monkeypatch if needed.


Randall Leeds

Mar 14, 2017, 10:46:48 PM
to pylons-discuss

I started an oauthlib integration a while back. It's not feature complete and it's light on documentation, but if there's interest I would love to see it grow. It is meant to make it easy to create an oauth provider.

https://github.com/tilgovi/pyramid-oauthlib


--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discus...@googlegroups.com.
To post to this group, send email to pylons-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/32d1bc7b-58d1-4e7c-9a6a-482f2e14a897%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

tonthon

Mar 17, 2017, 4:33:59 AM
to pylons-...@googlegroups.com
Thanks for sharing those points.
I'm not sure how to transform the existing app. I'll have to clean the
base code a bit before passing to implementing this part.
I'll surely have more questions later on.

tonthon

Mar 17, 2017, 1:49:19 PM
to pylons-...@googlegroups.com
Have you tried https://github.com/elliotpeele/pyramid_oauth2_provider ?
It seems to miss some use cases but it covers quite well the OAuth2 workflow.


On 15/03/2017 at 02:01, Jonathan Vanasco wrote:

Jonathan Vanasco

Mar 17, 2017, 4:15:12 PM
to pylons-discuss


On Friday, March 17, 2017 at 1:49:19 PM UTC-4, tonthon wrote:
> Have you tried https://github.com/elliotpeele/pyramid_oauth2_provider ?
> It seems to miss some use cases but it covers quite well the oauth2 workflow

This looks a lot like my oauth1 solution.