Hi Paulo, On 05/22/2015 02:42 PM, Paulo Gabriel Poiati wrote: > I completely agree with the API design, it can be improved. What I'm > really trying here is to keep things simple. > > I don't see that importance in keeping the authentication backend > information in the http session (maybe I'm missing something),
It is possible to have multiple authentication backends with overlapping user IDs; some backends may not return User objects that exist in Django's User table. A user (in the broader authentication backend sense) is uniquely defined only by both the authentication backend and the ID; using only the ID could result in the wrong user being loaded from the wrong backend on a subsequent request. > we can > always use some kind of audit to handle this kind of information. I'm not sure what this means. > Let's think straight, we don't need to tell the Auth Backend if > settings.AUTHENTICATION_BACKENDS has only one element. > > So, I have a new proposal: > > If the application has only one backend we always infer it in the login > function. If it isn't, the client needs to provide one explicitly. I don't have a problem with defaulting to the only backend, if there is only one. Carl -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/555F9725.5000004%40oddbird.net. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
