I haven't use it yet but there is an authentication policy for
repoze.who in pyramid:
Si I guess you can use a standard repose.who/what middleware and the
policy will use environ[repoze.who.identity]
Btw I'm also interested by this topic. I like to see something like
django-socialregistration for pyramid
(https://github.com/flashingpumpkin/django-socialregistration) So it
would be great if you could share your experience.
--
Gael
> Thanks,
> Adam
>
> --
> You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
> To post to this group, send email to pylons-...@googlegroups.com.
> To unsubscribe from this group, send email to pylons-discus...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
>
>
My personal recommendation would be to use Pyramid's ACL/security system, and use normal username/password for the account sign-up. Once someone is signed-up, give them the option of 'linking' Facebook/twitter to their account. Nowadays, I just see way too many support/usability issues with supporting multiple sign-on methods. People forget whether they used twitter or facebook, and if they lose one of those accounts, or twitter/facebook have some issue, they can no longer sign into your site.
I think its fine if they can use one of those methods to sign-in in *addition* to having a username/email/password on file, as they can at least fall-back to that if they forget which other auth they used.
As for doing the Facebook/twitter connect, you might want to look at velruse, which makes it easy to do the actual handshake connect with either of them. That'd be useful for letting them link their account later from an account management page.
Cheers,
Ben