django_yosai ?


ivan....@gmail.com

Apr 20, 2016, 9:13:12 AM
to Yosai
Hello,


Re [1], what would it take to integrate yosai with django?
Django is an interesting target to integrate with because it has hooks
for authorization checks, but you're supposed to implement them yourself.

Here's a high-level summary of authentication and authorization in django:
  • The User model is very flexible and handles login session, object ownership, etc.
    It's possible to subclass or replace the default User model, replacing it with a custom implementation,
    so long as it implements the following interface:
    • get_username (returns the unique str identifier for the user)
    • set_password
    • check_password
    and a few others. I've successfully subclassed the User model and got it to work with a legacy users' table.

  • The Django Rest Framework plays nicely with User objects and adds a Token auth,
    which is the standard way of accessing a dj. backend from mobile.
    The tokens are stored in a special table and "point to" a given User object.

  • There are a bunch of other social auths: https://www.djangopackages.com/grids/g/authentication/

  • Django comes with authorization method stubs---a convention for the names of
    the methods to call for checking authorization (has_perm, has_perms), which can be
    used to set class-level permissions (not object-level).

  • Third party libraries like django-guardian implement object-level permissions,
    and various RBAC-like functionality.
    Here are the top packages currently in that space:
    https://www.djangopackages.com/grids/g/authorization/

Where do you see a django_yosai fitting in?
I could see a "django User backend" (what you call the DAO) for authentication,
and some sort of module to "outsource" authorizations to Yosai---though who takes care of the DAO then?
Not sure what to do with the sessions management.

It would be really interesting if Yosai can develop (via plugins I guess) to be the one-stop-shop for authz,
including OAuth, js tokens, etc. If you can bring together the Flask and Django communities, and reuse
code between them it would be a really elegant way forward.


Best,

   Ivan


[1] https://groups.google.com/forum/#!topic/django-users/w4tz10-PXJY
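
As an added illustration of the has_perm hook and the "outsource authorizations" idea described in the post above (not code from the original posts, from Django, or from Yosai): a class shaped like a Django authentication backend that hands every permission decision to an external policy store and fails closed for object-level checks. `PolicyStore`, `STORE`, `StubUser`, `StubPost` and the `owner_username` attribute are hypothetical names, and the ownership rule is a constructed policy.

```python
# Added example; PolicyStore stands in for an external authorizer and is
# NOT Yosai's API. All names and the sample policy below are constructed.
class PolicyStore:
    def __init__(self, role_perms, user_roles):
        self.role_perms = role_perms   # role -> {"app_label.codename", ...}
        self.user_roles = user_roles   # username -> {role, ...}

    def is_permitted(self, username, perm, owner=None):
        roles = self.user_roles.get(username, set())
        if not any(perm in self.role_perms.get(r, set()) for r in roles):
            return False               # no class-level grant
        # Object-level rule (constructed): only the owner or an "admin".
        return owner is None or owner == username or "admin" in roles

STORE = PolicyStore(
    role_perms={"editor": {"blog.change_post"},
                "admin": {"blog.change_post", "blog.delete_post"}},
    user_roles={"alice": {"editor"}, "bob": {"editor"}, "carol": {"admin"}},
)

class OutsourcedAuthzBackend:
    """Duck-typed like a Django auth backend: Django instantiates it with no
    arguments and calls has_perm(user_obj, perm, obj=None)."""
    store = STORE

    def authenticate(self, request, **credentials):
        return None                    # login is left to another backend

    def get_user(self, user_id):
        return None

    def has_perm(self, user_obj, perm, obj=None):
        if not getattr(user_obj, "is_active", False):
            return False               # deny inactive or anonymous users
        if obj is None:                # class-level check
            return self.store.is_permitted(user_obj.get_username(), perm)
        owner = getattr(obj, "owner_username", None)  # hypothetical attribute
        if owner is None:
            return False               # fail closed: owner unknown
        return self.store.is_permitted(user_obj.get_username(), perm, owner)

class StubUser:                        # minimal stand-in for a Django User
    def __init__(self, username, is_active=True):
        self.username, self.is_active = username, is_active
    def get_username(self):
        return self.username

class StubPost:                        # minimal stand-in for a model instance
    def __init__(self, owner_username):
        self.owner_username = owner_username
```

In a Django project such a class would be listed in `AUTHENTICATION_BACKENDS` alongside the backend that performs the actual login.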

Darin Gordon

Apr 20, 2016, 9:40:47 AM
to Yosai
Great to see that you share the vision about Yosai helping unify the python community!

About the plugin terminology:
I've bifurcated plugins into two categories:  integrations and extensions.  Integrations are client-side plugins and extensions are backend plugins.  Social auth, ldap, etc would be written as extensions.  django, flask, pyramid, bottle, falcon support would be written as integrations.

Thanks for sharing your django insights.  Did you read the documentation I wrote about Web integration?   https://yosaiproject.github.io/yosai/web/

The most simple of Django-Yosai integration solutions, where credentials and authorization information are in one data store, consists of a DjangoWebRegistry integration that hooks yosai up to the request/response side of things.

If you don't want to use the YosaiAlchemyStore, there may be a way (not sure) to write a DjangoAccountStore extension that uses the AccountStore api, exposing data models that store user / authentication / authorization information
    - look at the YosaiAlchemyStore project to see how I did this using SQLAlchemy, and check out the data model svg diagram for modeling ideas
    - I'm not 100% positive about this approach