howto make "master" app for users to login and have access to their info from "slave" apps


Shawn Michaels

May 31, 2020, 11:43:03 AM
to py4web
I am thinking about a master app to hold credentials and info on which slave apps are enabled for a particular user.
I considered a shared db for auth, but it doesn't solve the situation when a user is not enabled to log in to some slave app.
I suppose a shared db would permit login to any slave app.

HarpingOn

Jun 1, 2020, 4:43:42 AM
to py4web
This is not web2py related, but if you think about an identity provider such as Keycloak maybe, then you can set up a realm to hold your users, then each application can have a realm, and delegate the authentication back to the first one.

Then you can have your users with roles and access rights in each application, whilst only having a single place to hold users and their credentials.

You wouldn't even need multiple realms to use this in a simple case. A single Keycloak realm with multiple clients and roles defined should be enough for a lot of use cases.

The unfortunate part is, I don't know how to integrate Keycloak with py4web auth (nor actually on web2py).

I /have/ used this with Flask though (except I needed a change to the auth module I was using in Flask to enable role-based authentication from Keycloak).

This doesn't really answer your question though, I'm sorry. It's just how I've done this sort of thing in the past. It might give you some ideas.

Who knows, maybe an authentication provider could be written as a py4web app to do a similar job.
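
The per-application check that a single Keycloak realm with multiple clients and roles makes possible, as an added example that is not part of this thread or of py4web: each slave app accepts a token only if it carries a role for that app's own client, so a valid login at the master does not open every slave. The issuer URL, client names (`slave-a`, `slave-b`), user and secret are constructed, and HS256 with the standard library stands in for the RS256/JWKS verification a Keycloak realm normally uses.

```python
import base64, hashlib, hmac, json, time

def _b64d(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token standing in for one issued by the IdP."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def app_roles(token: str, secret: bytes, issuer: str, client_id: str, now=None) -> set:
    """Return the roles the token grants for client_id, or raise PermissionError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        given = _b64d(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except (ValueError, TypeError):
        raise PermissionError("malformed token")
    # Pin the algorithm: never let the token header choose it (blocks alg=none).
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise PermissionError("bad signature")
    if claims.get("iss") != issuer:
        raise PermissionError("wrong issuer")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    # Keycloak lists client roles under resource_access[<client_id>].roles.
    roles = set(claims.get("resource_access", {}).get(client_id, {}).get("roles", []))
    if not roles:
        # Authenticated at the master, but not enabled for this slave app.
        raise PermissionError(f"user has no role in {client_id}")
    return roles

# Constructed sample values (hypothetical realm, clients, user and secret).
ISSUER = "https://idp.example.test/realms/master-app"
SECRET = b"constructed-demo-secret"
SAMPLE = make_token({"iss": ISSUER, "sub": "user-1", "exp": 4102444800,
                     "resource_access": {"slave-a": {"roles": ["editor"]}}}, SECRET)
```

With the sample token, `app_roles(SAMPLE, SECRET, ISSUER, "slave-a")` returns the user's roles, while the same call for `"slave-b"` raises `PermissionError` even though the token itself is valid.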