There is a new patch available for multiple auth backends. http://code.djangoproject.com/attachment/ticket/1428/multiauth.diff
Authentication is handled by two lists of plugins. These are defined by the AUTHENTICATION_BACKENDS and CREDENTIAL_PLUGINS settings. Each should be a tuple of strings, similar to TEMPLATE_LOADERS, etc. The defaults should behave the same way django does now.

Credential Plugins

A credential plugin is a callable that takes a request object, and returns credentials. Credentials are pretty much whatever you want them to be. Common ones would be a username/password dict, or a string (token, api-key, whatever). There's currently one for extracting a username and password out of post data (enabled by default), and one for extracting a token. HTTP Basic and Digest Auth are other options that people might want. They aren't implemented though. The plugins are ordered and if one fails to find credentials, the next is tried.

Authentication Backends

A backend must implement 2 methods, authenticate(credentials) and get_user(id).

authenticate(credentials) checks the given credentials against a backend such as django.contrib.auth.models.User, LDAP, another SQL database, etc. If the credentials are valid, it returns a user, if not, it returns None.

get_user(id) just returns a user that matches the given id, or None if one can't be found. Note that id doesn't necessarily have to be an integer. It just needs to be a key that uniquely identifies a user for this particular backend.

The authentication api has been simplified into 5 functions in django.contrib.auth.utils

authenticate(request)
    Returns a user if valid credentials were found in the request.

login(request, user)
    Persist a user id and a backend name in the session. This way a user doesn't have to reauthenticate on every request.

logout(request)
    Remove the persistent user id and backend name from the session.

authentiate_and_login(request)
    Convenience function to authenticate a request and log a user in. Returns the user object, or None if authentication failed.
get_current_user(request)
    This is automatically called by the AuthenticationMiddleware to set request.user. Someone may wish to import and call it, but I don't see why.

All of this is still of limited usefulness because django's admin system, permissions, etc. are all directly tied to django.contrib.auth.model.User. The easiest way to handle this for now is to create a django user when someone authenticates for the first time. You would also need to set up their permissions, groups, etc. at that time. You do *not* need to save the password as a part of the user and you can *still* check the password against LDAP or whatever in your backend's authenticate method. It's all up to how the backend is implemented. See django.contrib.auth.backends.SettingsBackend for an example of this.

I'm planning on using this email as the basis for updating the docs, so please ask questions where things aren't clear. As soon as the authentication docs are updated, I'd like to commit this.

Joseph

P.S. Not that I'm not really happy with the config code, and I'm leaning towards putting the main api functions in django.contrib.auth rather than the utils module. Suggestions are welcome.
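The flow described in the message above, as an added stand-alone sketch that is not code from the patch: ordered credential plugins, a backend with authenticate/get_user, and a session that stores a user id plus a backend name. FakeRequest, DictBackend, the plugin names, the session keys, the token living in the query string and the first-match backend loop are all assumptions made for illustration.

```python
import hmac
# Hypothetical stand-ins; none of these names come from the patch itself.
class FakeRequest:
    def __init__(self, post=None, get=None):
        self.POST, self.GET, self.session = post or {}, get or {}, {}

def post_credentials(request):
    """Credential plugin: username/password dict from POST data, else None."""
    if "username" in request.POST and "password" in request.POST:
        return {k: request.POST[k] for k in ("username", "password")}
    return None
def token_credentials(request):
    """Credential plugin: a bare token string (assumed in the query string)."""
    return request.GET.get("token")

class DictBackend:
    """Backend with the two required methods, over constructed sample data."""
    def __init__(self, name, users):
        self.name, self.users = name, users        # users: id -> password
    def authenticate(self, credentials):
        if not isinstance(credentials, dict):      # this backend ignores tokens
            return None
        uid, pw = credentials["username"], credentials["password"]
        known = self.users.get(uid, "")
        ok = hmac.compare_digest(known.encode(), pw.encode())
        return uid if uid in self.users and ok else None
    def get_user(self, user_id):
        return user_id if user_id in self.users else None

CREDENTIAL_PLUGINS = (post_credentials, token_credentials)
BACKENDS = {"sample": DictBackend("sample", {"alice": "s3cret"})}

def authenticate(request):
    # First plugin that finds credentials wins; the rest are not consulted.
    creds = next((c for c in (p(request) for p in CREDENTIAL_PLUGINS) if c is not None), None)
    for backend in BACKENDS.values() if creds is not None else ():
        uid = backend.authenticate(creds)
        if uid is not None:
            return {"id": uid, "backend": backend.name}
    return None

def login(request, user):
    request.session.update(user_id=user["id"], backend=user["backend"])
def logout(request):
    for key in ("user_id", "backend"):
        request.session.pop(key, None)

def get_current_user(request):
    # Resolve only through a backend that is still configured.
    backend = BACKENDS.get(request.session.get("backend"))
    return backend.get_user(request.session.get("user_id")) if backend else None
```

Because the session records a backend name, get_current_user here returns None when that name no longer matches a configured backend, so a session created under a backend that was later removed does not resolve to a user.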
